View Issue Details

ID: 0007550
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-10-24 13:09
Reporter: doublezero
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: N/A
Status: resolved
Resolution: fixed
Fixed in Version: 2024.4
Summary: 0007550: Chainsaw - Windows Event Log Parser (DFIR)
Description

Name - Chainsaw
Version - Latest
Homepage - https://github.com/countercept/chainsaw
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and identifies threats using built-in detection logic and via support for Sigma detection rules.

Install -
You can find pre-compiled versions of chainsaw in the releases section of this GitHub repo, or you can clone the repo (and the submodules) by running: git clone --recurse-submodules https://github.com/countercept/chainsaw.git

You can then compile the code yourself by running: cargo build --release. Once the build has finished, you will find a copy of the compiled binary in the target/release folder.

Make sure to build with the --release flag as this will ensure significantly faster execution time.

Activities

g0tmi1k (administrator), 2022-03-25 13:40, note ~0015937

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Arszilla (reporter), 2024-09-26 00:52, note ~0019826 (last edited: 2024-09-26 01:10)

Drafted package is now available for review: https://gitlab.com/Arszilla/chainsaw

daniruiz (manager), 2024-10-24 13:09, note ~0019965

This tool is now packaged and should be ready in kali-rolling in a few days.
Thank you @Arszilla!

Issue History

Date Modified Username Field Change
2022-01-29 01:56 doublezero New Issue
2022-03-25 13:40 g0tmi1k Note Added: 0015937
2022-03-25 13:40 g0tmi1k Category New Tool Requests => Queued Tool Addition
2022-05-04 12:54 g0tmi1k Status new => acknowledged
2024-09-26 00:52 Arszilla Note Added: 0019826
2024-09-26 01:10 Arszilla Note Edited: 0019826
2024-10-24 13:09 daniruiz Note Added: 0019965
2024-10-24 13:09 daniruiz Assigned To => daniruiz
2024-10-24 13:09 daniruiz Status acknowledged => resolved
2024-10-24 13:09 daniruiz Resolution open => fixed
2024-10-24 13:09 daniruiz Fixed in Version => 2024.4