Chainsaw Changelog

New in Chainsaw 2.9.0 (Apr 15, 2024)

  • More native rules
  • Ability to change default conditional when searching
  • Fix for setting of timezones

New in Chainsaw 2.8.1 (Nov 21, 2023)

  • Fixes and tweaks for SRUM
  • Updated dependencies

New in Chainsaw 2.8.0 (Oct 8, 2023)

This release contains the following changes of note:

  • Support for parsing ESE databases and analysing SRUM databases
  • New Chainsaw rules
  • Full output support for aggregations

New in Chainsaw 2.7.3 (Aug 16, 2023)

  • New Chainsaw rules
  • Fixing JSONL outputting issues for dump and search
  • Updated dependencies

New in Chainsaw 2.7.2 (Jul 9, 2023)

  • More optimisations.
  • Fix some issues with -t arguments.

New in Chainsaw 2.7.1 (Jul 6, 2023)

  • Fix mutually exclusive command line options: -c can only be used with --jsonl
  • Error if the caching file cannot be created
  • Make sure the thread count is respected everywhere
  • Better handling of Sigma rules (warn on unknown modifiers, and support base64 conversions)
  • Additional optimisations to JSONL output

New in Chainsaw 2.7.0 (Jul 3, 2023)

This release contains the following changes of note:

  • Add cache-to-disk support for JSONL output
  • Add file path to CSV output
  • Fix for newline output issue in tabular output
  • Rule loading warnings should highlight output as a warning
  • Tweaks and improvements to mappings and rules

New in Chainsaw 2.6.2 (Jun 3, 2023)

  • Adds array indexing support to key identifiers (tau-engine), which also fixes some chainsaw rules...

New in Chainsaw 2.6.0 (Apr 3, 2023)

  • A new feature for creating execution timelines using shimcache artifacts with optional amcache enrichment
  • Added functionality to parse Windows registry hive files
  • Fixed a missing check to make sure that the path is not a file when using CSV output, to avoid wasting time
  • Upgraded to the new Tau engine that has full support for floats

New in Chainsaw 2.5.0 (Feb 17, 2023)

  • Bring in upstream fix for evtx files that contain the size_t type (thanks to upstream for such a quick turnaround)
  • Add in a dump command so that people stop bodging the functionality via search
  • Minor fixes and tweaks

New in Chainsaw 2.4.0 (Feb 17, 2023)

This release contains the following changes of note:

  • Add back in the version flag
  • Multiple optimisations to the hunt feature of Chainsaw
  • Allow JSONL to stream out when hunting to reduce RAM usage when a large number of files are passed
  • Allow number of threads to be specified when hunting
  • Add preprocessing option to hunting for a further speed-up (only really required when single threaded)
  • Minor fixes and tweaks

New in Chainsaw 2.3.0 (Nov 14, 2022)

  • Output file name for JSON based output
  • Show culprit file when hunting errors occur
  • Tweaks and improvements to command line arguments

New in Chainsaw 2.2.0 (Oct 20, 2022)

  • Support for outputting in newline delimited JSON
  • Fixes potential crash with table output when truncating strings
  • Allows for preconditions to be applied in mapping files to handle poor rules

New in Chainsaw 2.1.1 (Oct 7, 2022)

  • Fix some incorrectly handled prints
  • Improve the consistency of parsing the hunt command line
  • Reduce the RAM usage
  • Add -j back in for --json

New in Chainsaw 2.1.0 (Sep 16, 2022)

This release contains the following changes of note:

  • Fixes broken edge cases in complex mapping objects
  • Adds support for new line delimited JSON
  • Reduces memory usage for some of the parsers
  • Re-adds support for evt files
  • Adds support for MFTs

New in Chainsaw 2.0.0 Beta 5 (Jul 28, 2022)

Added:

  • Allow Chainsaw to try and read files that don't have the evtx extension (Evtx files with different extension #75)
  • Added tau support to search
  • Added timezone support (Request for time filters (start and end dates) in local time #45)
  • Rule metadata on tabular print (Add Sigma Rule Id and description to results #68, Add sigma metadatas in results #74)

Modified:

  • Updated the mapping file format to handle changes made within Chainsaw
  • Mappings now use tau filters so it should be more obvious as to why rules are not matching (Rule seemingly not matching certain event IDs #41)

Removed:

  • Removed CSV as it does not make sense for the output provided by Chainsaw (CSV Files not generated correctly #35). I am more than happy to add this back in if it's a must.
  • Removed builtin detection.

New in Chainsaw 2.0.0 Alpha 1 (Jun 3, 2022)

Added:

  • Allow Chainsaw to try and read files that don't have the evtx extension (Evtx files with different extension #75)
  • Added tau support to search
  • Added timezone support (Request for time filters (start and end dates) in local time #45)
  • Rule metadata on tabular print (Add Sigma Rule Id and description to results #68, Add sigma metadatas in results #74)

Modified:

  • Updated the mapping file format to handle changes made within Chainsaw
  • Mappings now use tau filters so it should be more obvious as to why rules are not matching (Rule seemingly not matching certain event IDs #41)

Removed:

  • Removed CSV as it does not make sense for the output provided by Chainsaw (CSV Files not generated correctly #35). I am more than happy to add this back in if it's a must.
  • Removed builtin detection.

New in Chainsaw 1.1.7 (Mar 21, 2022)

What's Changed:

  • Fix: the --output argument was clashing with --json in search mode
  • Fix: formatting was broken when using --output in search mode
  • Fix: some prints were incorrectly printing to stdout rather than stderr

New in Chainsaw 1.1.6 (Feb 21, 2022)

What's Changed:

  • Clean: updating README file by @FranticTyping in #65
  • Feat: add in output command as requested for #60 by @fscc-alexkornitzer in #64

New in Chainsaw 1.1.5 (Jan 9, 2022)

  • Add testing into Chainsaw
  • Fix: separate JSON attributes
  • Feat: add channel information to cleared log events

New in Chainsaw 1.1.4 (Dec 2, 2021)

  • Feature: removing progress bar for searching as it corrupts the output by @fscc-jamesd in #48

New in Chainsaw 1.1.3 (Nov 25, 2021)

  • Improved logging and error handling for corrupted EVTX files

New in Chainsaw 1.1.2 (Nov 18, 2021)

  • Fixed sigma rule conversion issues
  • Fixed int to string casting
  • Excluded a number of noisy sigma rules

New in Chainsaw 1.1.1 (Oct 25, 2021)

  • Revert the change in how event IDs are handled that was introduced in v1.1.0, as it was causing false positives.

New in Chainsaw 1.1.0 (Oct 22, 2021)

  • Improved handling of data processing and output formats.

New in Chainsaw 1.0.2 (Sep 14, 2021)

  • Adding Sigma rule author information via --authors flag to comply with Sigma DRL
  • Pull in upstream tau-engine fix to validate rules on load