WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
License: GNU General Public License v3.0
2.89k stars, 266 forks
Issues (sorted newest first; each entry lists number, title, author, state and age, comment count)
#196 More MFT Rules - Fix NTDS.DIT matching ADAMNTDS.DIT and Add Shadow Dumper and PSTools (reece394, closed 1 day ago, 1 comment)
#195 chore: group ruletypes in folders (FranticTyping, closed 1 week ago, 0 comments)
#194 chore: group ruletypes in folders (FranticTyping, closed 1 week ago, 0 comments)
#193 MFT Rules (reece394, closed 1 week ago, 0 comments)
#192 Feature Request: Add $MFT Filename Support (reece394, closed 1 week ago, 6 comments)
#191 MFT Alternate Data Streams (IppSec, opened 3 weeks ago, 1 comment)
#190 Feature Request: MFT Resident Files (IppSec, opened 3 weeks ago, 1 comment)
#189 XML2EVTX fails (ashokchokalingam, closed 3 weeks ago, 8 comments)
#188 Can this be run across a network? (PowerPress, closed 3 weeks ago, 1 comment)
#187 Feature Request: Ability to Filter the Output View (IppSec, opened 4 weeks ago, 3 comments)
#186 Why is there no Linux/ARM64 version of it...? (EeqMC2s, closed 3 weeks ago, 0 comments)
#185 Improve handling of registry hives (JakePeralta7, opened 1 month ago, 5 comments)
#184 Feature Request: Add Parsing Capabilities for Registry Hives and Rules Capabilities (JakePeralta7, closed 1 month ago, 0 comments)
#183 Security channel-based detections (JakePeralta7, closed 3 weeks ago, 1 comment)
#182 fix: prevent decoding errors when parsing the SruDbIdMapTable table (catarinadf, closed 1 month ago, 0 comments)
#181 feature: MSSQL suspicious behavior rules (0xFFaraday, closed 2 months ago, 4 comments)
#180 [BUG] Multiple rule matches shift CSV column values (import-pandas-as-numpy, closed 2 months ago, 3 comments)
#179 Add PowerShell Rules (reece394, closed 3 months ago, 0 comments)
#178 Implement a K/V container (alexkornitzer, closed 3 months ago, 1 comment)
#176 Shim Cache Analysis Errors - input is out of range (pdutton-vc, closed 3 months ago, 2 comments)
#175 Support for Mac artefact filetypes (owentl, opened 3 months ago, 2 comments)
#173 Windows 11 Shim Cache Analysis Errors (pdutton-vc, closed 4 months ago, 2 comments)
#172 v2.9.1 mac X86 64 binary is actually an ARM64, not x86 (rsulliva, closed 4 months ago, 3 comments)
#171 BUG: Aggregate String Fields Not Coalescing (import-pandas-as-numpy, closed 5 months ago, 1 comment)
#170 Tau for multiple variables? (Sil3ntgh0st, closed 5 months ago, 6 comments)
#169 feat(dump): allow dumping of multiple files (Lucas-ech, closed 5 months ago, 0 comments)
#168 Microsoft Defender / Antivirus detections removed in new releases (AnthoLaMalice, opened 6 months ago, 7 comments)
#167 chore: pub mod rule (FranticTyping, closed 7 months ago, 0 comments)
#166 fix: change default search behaviour to match_all (FranticTyping, closed 7 months ago, 0 comments)
#165 feat: extend match_all option to tau patterns (FranticTyping, closed 7 months ago, 0 comments)
#164 '--timezone' and '--local' options not working as intended (mohdaadilf, closed 7 months ago, 2 comments)
#163 feat: match_all option for regex patterns (FranticTyping, closed 8 months ago, 2 comments)
#162 feat(rules): add kerberoasting related rules (Lucas-ech, closed 9 months ago, 1 comment)
#161 add nix flake (unrooted, closed 10 months ago, 1 comment)
#160 Feature Request: Event Log ID / Sigma Summary (ssnkhan, opened 10 months ago, 1 comment)
#159 add nix flake (unrooted, closed 10 months ago, 0 comments)
#158 Rule for F-Secure Client Security 11 & 12 (reece394, closed 10 months ago, 1 comment)
#157 McAfee, Trellix, Kaspersky and Microsoft Windows Security Essentials Rules (reece394, closed 10 months ago, 0 comments)
#156 Service Installation 7045 Rules (reece394, closed 10 months ago, 2 comments)
#155 Fixes to rasvpn rules (reece394, closed 10 months ago, 0 comments)
#154 Update Sigma Mapping File to Reduce False Positives (reece394, closed 10 months ago, 3 comments)
#153 Update Windows Defender rule to filter for key EventIDs (reece394, closed 11 months ago, 0 comments)
#152 Search feature doesn't parse backslashes (b0s0z0ku, closed 11 months ago, 2 comments)
#150 Sigma organization by Mitre ATT&CK (dan21san, closed 11 months ago, 5 comments)
#149 [Feature Request] Support for "contains", "|" and "all" in both chainsaw and sigma rules (reece394, closed 12 months ago, 4 comments)
#148 Looking for clarity for mft yaml 'filter' issue (gr3y56, opened 1 year ago, 3 comments)
#147 fix: handle unknown AppId and UserId values (no entry in SruDbIdMapTable) (catarinadf, closed 1 year ago, 0 comments)
#146 feat: update the SRUM database parser (catarinadf, closed 1 year ago, 0 comments)
#145 feat: dump the raw content of ESE databases and analyse SRUM databases (catarinadf, closed 1 year ago, 0 comments)
#144 No executable (TomHilk-learning, closed 1 year ago, 1 comment)