New Chainsaw tool helps IR teams analyze Windows event logs (Security News, September 2021)
Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats.
Windows event logs are a ledger of the system's activities, comprising details about applications and user logins.
The tool uses the Sigma rule detection logic to quickly find event logs relevant to the investigation.
"Chainsaw also contains built-in logic for detection use-cases that are not suitable for Sigma rules, and provides a simple interface to search through event logs by keyword, regex pattern, or for specific event IDs."
Search through event logs by event ID, keyword, and regex patterns.
Detect key event logs being cleared or the event log service being stopped.
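The two capabilities above, shown as an added Python example that is not part of the article or of the Chainsaw project: a search over event records by event ID, keyword or regex, and a check for logs being cleared or the event log service shutting down. The record shape and field names are assumptions, the sample events are constructed, and event IDs 1102, 104 and 1100 are the Windows events for the Security log being cleared, the System/Application log being cleared, and the event logging service shutting down.

```python
import re

# Constructed sample records in a flattened shape loosely resembling EVTX
# fields (assumed layout, not real captured logs).
SAMPLE_EVENTS = [
    {"EventID": 4624, "Channel": "Security", "Provider": "Microsoft-Windows-Security-Auditing",
     "Message": "An account was successfully logged on. Account Name: alice"},
    {"EventID": 1102, "Channel": "Security", "Provider": "Microsoft-Windows-Eventlog",
     "Message": "The audit log was cleared. Account Name: bob"},
    {"EventID": 104, "Channel": "System", "Provider": "Microsoft-Windows-Eventlog",
     "Message": "The System log file was cleared."},
    {"EventID": 1100, "Channel": "Security", "Provider": "Microsoft-Windows-Eventlog",
     "Message": "The event logging service has shut down."},
    {"EventID": 7045, "Channel": "System", "Provider": "Service Control Manager",
     "Message": "A service was installed in the system. Service Name: updater.exe"},
]

# Documented Windows event IDs for log clearing and event log service shutdown.
LOG_TAMPER_IDS = {
    1102: "Security audit log cleared",
    104: "System/Application log cleared",
    1100: "Event logging service shut down",
}


def search_events(events, event_ids=None, keyword=None, pattern=None):
    """Return events matching any given event ID, a case-insensitive keyword, or a regex."""
    regex = re.compile(pattern, re.IGNORECASE) if pattern else None
    hits = []
    for ev in events:
        text = ev.get("Message", "")
        if event_ids and ev["EventID"] in event_ids:
            hits.append(ev)
        elif keyword and keyword.lower() in text.lower():
            hits.append(ev)
        elif regex and regex.search(text):
            hits.append(ev)
    return hits


def detect_log_tampering(events):
    """Flag events showing logs being cleared or the event log service stopping."""
    return [(ev["EventID"], LOG_TAMPER_IDS[ev["EventID"]], ev["Channel"])
            for ev in events if ev["EventID"] in LOG_TAMPER_IDS]


if __name__ == "__main__":
    for hit in detect_log_tampering(SAMPLE_EVENTS):
        print(hit)
```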