chainsaw
Purpleteam
chainsaw | Purpleteam | |
---|---|---|
14 | 1 | |
2,554 | 123 | |
1.8% | - | |
8.3 | 7.8 | |
20 days ago | 11 days ago | |
Rust | PowerShell | |
GNU General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
chainsaw
-
Angle-grinder: Slice and dice logs on the command line
There’s already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
- Agent event queue is flooded. Check the agent configuration
- What's your favorite cybersecurity tool?
-
Tools for "static" log analysis
https://github.com/WithSecureLabs/chainsaw if you're just looking for bad stuff.
- Chainsaw v2.0 Release - Hunt and Search Through Windows Event Logs
- Chainsaw v2.0.0 - Rapidly Search and Hunt through Windows Event Logs
- Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
-
EvtxHussar 1.0
Differences between this and Chainsaw? Chainsaw
- IR log Collection/Parsing Recommendations
-
AMA : I’m a cybersecurity engineer at Microsoft .
Use Chainsaw for event logs https://github.com/countercept/chainsaw
Purpleteam
What are some alternatives?
EvtxHussar - Initial triage of Windows Event logs
MAL-CL - MAL-CL (Malicious Command-Line)
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
zff-rs - Library to handle the files in zff format (file format to store and handle forensic acquisitions).
awesome-lists - Security lists for SOC detections
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
macOS-ATTACK-DATASET - JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
ThreatHunting-Keywords - Awesome list of keywords and artifacts for Threat Hunting sessions
EnableWindowsLogSettings - Documentation and scripts to properly enable Windows event logs.
awesome-threat-detection - ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️