WithSecureLabs
/
chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0
2.64k
stars
236
forks
issues
Windows 11 Shim Cache Analysis Errors
#173
pdutton-vc
closed
1 week ago
2
v2.9.1 mac X86 64 binary is actually an ARM64, not x86
#172
rsulliva
closed
2 weeks ago
3
BUG: Aggregate String Fields Not Coalescing
#171
import-pandas-as-numpy
closed
4 weeks ago
1
Tau for multiple variables?
#170
Sil3ntgh0st
closed
4 weeks ago
6
feat(dump): allow dumping of multiple files
#169
Lucas-ech
closed
1 month ago
0
Microsoft Defender / Antivirus detections removed in new releases
#168
AnthoLaMalice
opened
1 month ago
7
chore: pub mod rule
#167
FranticTyping
closed
3 months ago
0
fix: change default search behaviour to match_all
#166
FranticTyping
closed
3 months ago
0
feat: extend match_all option to tau patterns
#165
FranticTyping
closed
3 months ago
0
'--timezone' and '--local' option not working as intended
#164
mohdaadilf
closed
2 months ago
2
feat: match_all option for regex patterns
#163
FranticTyping
closed
4 months ago
2
feat(rules): add kerberoasting related rules
#162
Lucas-ech
closed
5 months ago
1
add nix flake
#161
unrooted
closed
6 months ago
1
Feature Request: Event Log ID / Sigma Summary
#160
ssnkhan
opened
6 months ago
1
add nix flake
#159
unrooted
closed
6 months ago
0
Rule for F-Secure Client Security 11 & 12
#158
reece394
closed
6 months ago
1
McAfee, Trellix, Kaspersky and Microsoft Windows Security Essentials Rules
#157
reece394
closed
6 months ago
0
Service Installation 7045 Rules
#156
reece394
closed
6 months ago
2
Fixes to rasvpn rules
#155
reece394
closed
6 months ago
0
Update Sigma Mapping File to Reduce False Positives
#154
reece394
closed
6 months ago
3
Update Windows Defender rule to filter for key EventIDs
#153
reece394
closed
6 months ago
0
Search feature doesn't parse backslashes
#152
b0s0z0ku
closed
7 months ago
2
Sigma organization by Mitre ATT&CK
#150
dan21san
closed
7 months ago
5
[Feature Request] Support for "contains", "|" and "all" in both chainsaw and sigma rules
#149
reece394
closed
7 months ago
4
Looking for clarity for mft yaml 'filter' issue
#148
gr3y56
opened
8 months ago
3
fix: handle unknown AppId and UserId values (no entry in SruDbIdMapTable)
#147
catarinadf
closed
8 months ago
0
feat: update the SRUM database parser
#146
catarinadf
closed
9 months ago
0
feat: dump the raw content of ESE databases and analyse SRUM databases
#145
catarinadf
closed
9 months ago
0
No executable
#144
TomHilk-learning
closed
9 months ago
1
feat: release chainsaw_all_platforms+rules.zip (without samples)
#143
Niicolaa
closed
10 months ago
1
Add rules for Microsoft Remote Access VPN (client and server)
#142
ekt0-syn
closed
10 months ago
1
-o flag not recognized
#141
maikroservice
closed
11 months ago
2
feat(rules): Add rules for AppLocker, Microsoft RDS, PowerShell and RDP sessions
#139
catarinadf
closed
12 months ago
1
Missing Sigma Base64 Encoding?
#138
L015H4CK
closed
1 year ago
3
Print warning when loading Sigma rules with keyless search identifiers
#135
ru37z
closed
1 year ago
6
Create Antivirus Rule for Symantec Endpoint Protection
#134
reece394
closed
1 year ago
0
Add SHA1 Support to Sophos Rule and Add System Provider
#133
reece394
closed
1 year ago
0
Sophos Antivirus Rule Not Parsing Data Events With Same Key Name
#132
reece394
closed
1 year ago
5
v2.4+ seems to be unable to recognize Sigma alerts
#131
Maspital
closed
1 year ago
1
Add Service Mappings to Sigma Event Logs
#130
reece394
closed
1 year ago
3
Adding 4 new rules for rdp_attacks
#129
eliza-louise
closed
1 year ago
0
Tau EventID Filter error
#128
Richard1611
closed
1 year ago
6
Signatures for Sysmon Protection
#127
JakePeralta7
closed
1 year ago
1
chainsaw project name collides with another rust project
#125
xambroz
opened
1 year ago
2
Shimcache execution timeline feature with Amcache enrichment
#124
Markus98
closed
1 year ago
0
Erroneous Sigma Results using Hunt option
#122
OMENScan
closed
1 year ago
7
Check for potential I/O error before processing
#121
jfstenuit
closed
1 year ago
1
keyless identifiers cannot be converted
#120
nbareil
closed
1 year ago
3
Tests
#117
56616c6f72
closed
1 year ago
0
WIP Draft: Shimcache execution timeline feature with Amcache enrichment
#116
Markus98
closed
1 year ago
2