WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0
2.71k
stars
245
forks
issues
[BUG] Multiple rule matches shift CSV column values
#180
import-pandas-as-numpy
closed
4 days ago
3
Add PowerShell Rules
#179
reece394
closed
3 weeks ago
0
Implement a K/V container
#178
alexkornitzer
closed
3 weeks ago
1
Shim Cache Analysis Errors - input is out of range
#176
pdutton-vc
closed
3 weeks ago
2
Support for Mac artefact filetypes
#175
owentl
opened
1 month ago
2
Windows 11 Shim Cache Analysis Errors
#173
pdutton-vc
closed
2 months ago
2
v2.9.1 mac X86 64 binary is actually an ARM64, not x86
#172
rsulliva
closed
2 months ago
3
BUG: Aggregate String Fields Not Coalescing
#171
import-pandas-as-numpy
closed
2 months ago
1
Tau for multiple variables?
#170
Sil3ntgh0st
closed
2 months ago
6
feat(dump): allow dumping of multiple files
#169
Lucas-ech
closed
3 months ago
0
Microsoft Defender / Antivirus detections removed in new releases
#168
AnthoLaMalice
opened
3 months ago
7
chore: pub mod rule
#167
FranticTyping
closed
5 months ago
0
fix: change default search behaviour to match_all
#166
FranticTyping
closed
5 months ago
0
feat: extend match_all option to tau patterns
#165
FranticTyping
closed
5 months ago
0
'--timezone' and '--local' option not working as intended
#164
mohdaadilf
closed
4 months ago
2
feat: match_all option for regex patterns
#163
FranticTyping
closed
6 months ago
2
feat(rules): add kerberoasting related rules
#162
Lucas-ech
closed
7 months ago
1
add nix flake
#161
unrooted
closed
8 months ago
1
Feature Request: Event Log ID / Sigma Summary
#160
ssnkhan
opened
8 months ago
1
add nix flake
#159
unrooted
closed
8 months ago
0
Rule for F-Secure Client Security 11 & 12
#158
reece394
closed
8 months ago
1
McAfee, Trellix, Kaspersky and Microsoft Windows Security Essentials Rules
#157
reece394
closed
8 months ago
0
Service Installation 7045 Rules
#156
reece394
closed
8 months ago
2
Fixes to rasvpn rules
#155
reece394
closed
8 months ago
0
Update Sigma Mapping File to Reduce False Positives
#154
reece394
closed
8 months ago
3
Update Windows Defender rule to filter for key EventIDs
#153
reece394
closed
8 months ago
0
Search feature doesn't parse backslashes
#152
b0s0z0ku
closed
9 months ago
2
Sigma organization by Mitre ATT&CK
#150
dan21san
closed
9 months ago
5
[Feature Request] Support for "contains", "|" and "all" in both chainsaw and sigma rules
#149
reece394
closed
9 months ago
4
Looking for clarity for mft yaml 'filter' issue
#148
gr3y56
opened
10 months ago
3
fix: handle unknown AppId and UserId values (no entry in SruDbIdMapTable)
#147
catarinadf
closed
10 months ago
0
feat: update the SRUM database parser
#146
catarinadf
closed
11 months ago
0
feat: dump the raw content of ESE databases and analyse SRUM databases
#145
catarinadf
closed
11 months ago
0
No executable
#144
TomHilk-learning
closed
11 months ago
1
feat: release chainsaw_all_platforms+rules.zip (without samples)
#143
Niicolaa
closed
1 year ago
1
Add rules for Microsoft Remote Access VPN (client and server)
#142
ekt0-syn
closed
1 year ago
1
-o flag not recognized
#141
maikroservice
closed
1 year ago
2
feat(rules): Add rules for AppLocker, Microsoft RDS, PowerShell and RDP sessions
#139
catarinadf
closed
1 year ago
1
Missing Sigma Base64 Encoding?
#138
L015H4CK
closed
1 year ago
3
Print warning when loading Sigma rules with keyless search identifiers
#135
ru37z
closed
1 year ago
6
Create Antivirus Rule for Symantec Endpoint Protection
#134
reece394
closed
1 year ago
0
Add SHA1 Support to Sophos Rule and Add System Provider
#133
reece394
closed
1 year ago
0
Sophos Antivirus Rule Not Parsing Data Events With Same Key Name
#132
reece394
closed
1 year ago
5
v2.4+ seems to be unable to recognize Sigma alerts
#131
Maspital
closed
1 year ago
1
Add Service Mappings to Sigma Event Logs
#130
reece394
closed
1 year ago
3
Adding 4 new rules for rdp_attacks
#129
eliza-louise
closed
1 year ago
0
Tau EventID Filter error
#128
Richard1611
closed
1 year ago
6
Signatures for Sysmon Protection
#127
JakePeralta7
closed
1 year ago
1
chainsaw project name collides with another rust project
#125
xambroz
opened
1 year ago
2
Shimcache execution timeline feature with Amcache enrichment
#124
Markus98
closed
1 year ago
0