Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Event Log ID / Sigma Summary #160

Open
ssnkhan opened this issue Jan 10, 2024 · 1 comment
Open

Feature Request: Event Log ID / Sigma Summary #160

ssnkhan opened this issue Jan 10, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@ssnkhan
Copy link

ssnkhan commented Jan 10, 2024
edited
Loading

Would be helpful if chainsaw could provide high level stats detailing the frequency of event code IDs observed in an Event Log, like Eric Zimmerman's evtxecmd tool. Potential usage would be chainsaw hunt --stats-only evtx_attack_samples.

Event ID        Count
300             1
400             666
403             404
600             4,939
800             197

Another option --stats-only-sigma would produce a similar frequency table, but with a count of Sigma hits.

Thanks for this amazing tool!
@alexkornitzer alexkornitzer added the enhancement New feature or request label Jan 10, 2024
@dbissell6
Copy link

dbissell6 commented Jan 10, 2024
edited
Loading

I am creating a tool to plot this output, I was already planning on implementing this stats idea, i don't know if this helps anyone or not.

image

It also plots AWS logs and you can see how the stats output is looking for that.

https://github.com/dbissell6/Thundaga

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexkornitzer @ssnkhan @dbissell6