chainsaw

Execute chainsaw

# mapping is a folder from chainsaw github
./chainsaw hunt -r rules/ evtx_attack_samples -s sigma/rules --mapping mappings/sigma-event-logs-all.yml --level critical

Install

# clone the repo
git clone https://github.com/countercept/chainsaw.git

# build the application
sudo cargo build --release

# execute
./target/release/chainsaw

Errors

on error update rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

sources

github: chainsaw manual

Mastering Field Extraction in Splunk: Quick Guide

Learn how to configure and test field extractions in Splunk using regex in transforms.conf and props.conf.

Mastering the Tstats Command in Splunk

Learn how to leverage the powerful Tstats command in Splunk 9.2.1 for optimized data analysis and improved search performance.

A Technical Guide to Splunk Data Models

Learn how to create, fill, maintain, validate, and request data from Splunk Data Models in this comprehensive guide.