|
Your download link is at the very bottom of the page... always. |
Processed through Paypal No account required. Donate Bitcoin to this wallet: 1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm Donate Ethereum to this wallet: 0x40E56922F43637224935CDC35e2c96E0392A8505 Donate Litecoin to this wallet: LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL |
File - Download Chainsaw v2.5.0 | ||||||||
Description | ||||||||
A Plea. Deanna and I (Your Older Geeks) have been running OlderGeeks.com since 2008 and lately we are seeing a major increase in usage (and cost) but a big decline in percentage of users who donate. Our ad-free and junkware-free download site only works if everyone chips in to offset the revenue that ads on other sites bring in. Please donate on the website today. Every little bit helps. Thank you so much. -D&R Always scroll to the bottom of the page for the main download link. We don't believe in fake/misleading download buttons and tricks. The link is always in the same place. Chainsaw v2.5.0 Rapidly Search and Hunt through Windows Event Logs Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules. Features 🔍 Search and extract event log records by event IDs, string matching, and regex patterns 🎯 Hunt for threats using Sigma detection rules and custom built-in detection logic ⚡ Lightning fast, written in rust, wrapping the EVTX parser library by @OBenamram 🔥 Document tagging (detection logic matching) provided by the TAU Engine Library 📑 Output in an ASCII table format, CSV format, or JSON format Hunting Logic Sigma Rule Matching Using the --rules and --mapping parameters you can specify a directory containing a subset of SIGMA detection rules (or just the entire SIGMA git repo) and chainsaw will automatically load, convert and run these rules against the provided event logs. The mapping file tells chainsaw what event IDs to run the detection rules against, and what fields are relevant. By default the following event IDs are supported: Built-In Logic Extraction and parsing of Windows Defender, F-Secure, Sophos, and Kaspersky AV alerts Detection of key event logs being cleared, or the event log service being stopped Users being created or added to sensitive user groups Brute-force of local user accounts RDP Logins You can specify the --lateral-all flag to chainsaw to also parse and extract additional 4624 logon types (network logons, service, batch etc.) relating to potential lateral movement that may be interesting for investigations. Getting Started You can use the pre-compiled versions of chainsaw from Oldergeeks.com, or you can clone the repo (and the submodules) by running: git clone --recurse-submodules https://github.com/countercept/chainsaw.git You can then compile the code yourself by running: cargo build --release. Once the build has finished, you will find a copy of the compiled binary in the target/release folder. Make sure to build with the --release flag as this will ensure significantly faster execution time. If you want to quickly see what Chainsaw looks like when it runs, you can use the command: ./chainsaw hunt evtx_attack_samples/ --rules sigma_rules/ --mapping mapping_files/sigma-mapping.yml Supporting Additional Event IDs (via Mapping Files) When using Sigma rule detection logic, Chainsaw requires a 'mapping file' to tell it which event IDs to check, what fields are important, and which fields to output in the table view. The included sigma mapping in the "mapping_files" directory already supports most of the key Event IDs, but if you want to add support for additional event IDs you can use this mapping file as a template. Examples Searching Help Output: Command Examples Search all .evtx files in the evtx_files dir for event id 4624 ./chainsaw search ~/Downloads/evtx_files/ -e 4624 Search a specific evtx log for logon events containing the string "bob" (case insensitive) ./chainsaw search ~/Downloads/evtx_files/security.evtx -e 4624 -s "bob" -i Search a specific evtx log for logon events, with a matching regex pattern. Save results to file ./chainsaw search ~/Downloads/evtx_files/security.evtx -e 4624 -r "bob[a-zA-Z]" -o out.txt Hunting Help Output: Command Examples Hunt through all event logs in a specific path, show additional information relating to potential lateral movement, and save results to individual CSV files Hunt through all event logs in a specific path, apply detection logic and TAU rules from the specified path Changes v2.5.0 This release contains the following changes of note: Bring in upstream fix for evtx files that contain the size_t type (thanks to upstream for such a quick turn around) Add in a dump command so that people stop bodging the functionality via search Minor fixes and tweaks This download is for the Windows version. All other download assets are below: MacOS: chainsaw_x86_64-apple-darwin.zip Linux: chainsaw_x86_64-unknown-linux-gnu.tar.gz chainsaw_x86_64-unknown-linux-musl.tar.gz Other: chainsaw_all_platforms+rules+examples.zip Click here to visit the author's website. Continue below for the main download link. |
||||||||
Downloads | Views | Developer | Last Update | Version | Size | Type | Rank | |
2,533 | 4,549 | F-Secure Countercept <img src="https://www.oldergeeks.com/downloads/gallery/thumbs/Chainsaw5_th.png"border="0"> | Mar 17, 2023 - 11:34 | 2.5.0 | 2.06MB | ZIP | , out of 22 Votes. | |
File Tags | ||||||||
Chainsaw v2.5.0 |
Click to Rate File     Share it on Twitter → Tweet
|