chainsaw
Execute chainsaw
# mappings/ is the folder shipped in the chainsaw GitHub repo; the mapping file tells chainsaw how Sigma logsource fields correspond to Windows event log fields
# hunt the EVTX files in evtx_attack_samples with chainsaw's own rules (-r) and the Sigma rules (-s), reporting only critical-level hits
./chainsaw hunt -r rules/ evtx_attack_samples -s sigma/rules --mapping mappings/sigma-event-logs-all.yml --level critical
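A small wrapper around the hunt above, added here as an example that is not part of the chainsaw project or these notes: it assembles the same command line (with `--json -o` so the results land in a file), checks the input paths before running, and summarises the hits by level and rule name for triage. It assumes chainsaw v2's `--json`/`-o` flags and that each detection in the JSON output is an object with `name` and `level` keys; the function names `build_hunt_command`, `run_hunt` and `summarise` are this example's own.

```python
"""Added example (not chainsaw project code): build, run and summarise a hunt."""
import json
import subprocess
from collections import Counter
from pathlib import Path

# Sigma/chainsaw severity levels, least to most severe.
LEVELS = ("informational", "low", "medium", "high", "critical")
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


def build_hunt_command(evtx_dir, sigma_dir, mapping, rules_dir, level, out_json,
                       chainsaw="./target/release/chainsaw"):
    """Return argv for a hunt mirroring the notes' command, plus JSON file output."""
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}; expected one of {LEVELS}")
    return [chainsaw, "hunt", str(evtx_dir),
            "-s", str(sigma_dir), "--mapping", str(mapping), "-r", str(rules_dir),
            "--level", level, "--json", "-o", str(out_json)]


def run_hunt(*args, **kwargs):
    """Refuse to run if any input path is missing; otherwise run chainsaw and load its JSON."""
    argv = build_hunt_command(*args, **kwargs)
    for p in (argv[2], argv[4], argv[6], argv[8]):  # evtx dir, sigma dir, mapping, rules dir
        if not Path(p).exists():
            raise FileNotFoundError(f"missing input path: {p}")
    subprocess.run(argv, check=True)
    # Assumption: with --json -o, chainsaw writes a JSON array of detection objects.
    return json.loads(Path(argv[-1]).read_text())


def summarise(detections):
    """Count hits per (level, rule name); most severe, then most frequent, first."""
    counts = Counter((d["level"], d["name"]) for d in detections)
    return sorted(counts.items(),
                  key=lambda kv: (-RANK.get(kv[0][0], -1), -kv[1], kv[0][1]))


if __name__ == "__main__":
    hits = run_hunt("evtx_attack_samples", "sigma/rules",
                    "mappings/sigma-event-logs-all.yml", "rules/", "critical",
                    "results.json")
    for (level, name), n in summarise(hits):
        print(f"{n:5d}  {level:<13} {name}")
```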
Install
# clone the repo
git clone https://github.com/countercept/chainsaw.git
# build the release binary as your normal user (cargo does not need root, and running it under sudo leaves a root-owned target/ directory)
cargo build --release
# execute
./target/release/chainsaw
Errors
If the build fails, install or update the Rust toolchain with rustup and rebuild:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh