
Chainsaw.exe :- commands

  • Nov 18, 2023
  • 1 min read

To perform a basic analysis in Chainsaw, you can start with the commands below:


Search analysis of logs using a keyword:

The command chainsaw.exe search mimikatz -i {Logs Path} performs a case-insensitive search (the -i flag) for the term "mimikatz" across all events in the logs under {Logs Path}.


Command:- chainsaw.exe search mimikatz -i {Logs Path}

Search analysis of logs using Event IDs:

The command chainsaw.exe search -t "Event.System.EventID: =4104" {Log Path} uses a tau field expression (the -t flag) to return only events whose Event ID equals 4104.


Command:- chainsaw.exe search -t "Event.System.EventID: =4104" {Log Path}
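The two search commands above are two matching modes over the same event data: a free-text keyword match (with -i for case-insensitivity) and a tau field expression (-t). As an added illustration, not part of the original post and not Chainsaw's own code, the Python below re-implements a small subset of both over constructed events shaped like Chainsaw's JSON view of EVTX records (Event.System.*, Event.EventData.*). The tau grammar supported here (numeric comparisons and bare string equality) is a simplification of the real one, and every event value is made up.

```python
import re

# Constructed sample records, shaped like the JSON rendering of EVTX events
# that Chainsaw searches (Event.System.* / Event.EventData.*); all values are made up.
SAMPLE_EVENTS = [
    {"Event": {"System": {"EventID": 4104, "Channel": "Microsoft-Windows-PowerShell/Operational", "Computer": "WS01"},
               "EventData": {"ScriptBlockText": "Write-Host 'mimikatz string inside a script block'"}}},
    {"Event": {"System": {"EventID": 4688, "Channel": "Security", "Computer": "WS01"},
               "EventData": {"NewProcessName": "C:\\Users\\Public\\MIMIKATZ.EXE"}}},
    {"Event": {"System": {"EventID": 4624, "Channel": "Security", "Computer": "WS01"},
               "EventData": {"TargetUserName": "alice", "LogonType": 2}}},
]


def flatten(obj, prefix=""):
    """Turn nested dicts into {"Event.System.EventID": 4104, ...}; lists are leaves."""
    out = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
    else:
        out[prefix.rstrip(".")] = obj
    return out


def keyword_search(events, term, ignore_case=True):
    """Indices of events whose values contain `term` (the `search <term> [-i]` case)."""
    hits = []
    for i, event in enumerate(events):
        for value in flatten(event).values():
            text = str(value)
            needle = term
            if ignore_case:
                text, needle = text.lower(), term.lower()
            if needle in text:
                hits.append(i)
                break  # one matching field is enough to report the event
    return hits


# Simplified tau expression: "<dotted.key>: [op]<value>", op in = != > < >= <=
_TAU = re.compile(r"^\s*(?P<key>[\w.]+)\s*:\s*(?P<op>>=|<=|!=|=|>|<)?\s*(?P<val>.+?)\s*$")


def tau_search(events, expr):
    """Indices of events matching a tau-style expression such as 'Event.System.EventID: =4104'."""
    match = _TAU.match(expr)
    if not match:
        raise ValueError(f"unsupported expression: {expr!r}")
    key, op, raw = match.group("key"), match.group("op"), match.group("val")
    hits = []
    for i, event in enumerate(events):
        actual = flatten(event).get(key)
        if actual is None:
            continue  # field absent from this event
        if op is None:
            matched = str(actual).lower() == raw.lower()  # bare value: string equality
        else:
            try:
                left, right = float(actual), float(raw)
            except ValueError:
                continue  # operator given but value is not numeric
            matched = {"=": left == right, "!=": left != right, ">": left > right,
                       "<": left < right, ">=": left >= right, "<=": left <= right}[op]
        if matched:
            hits.append(i)
    return hits


if __name__ == "__main__":
    print("keyword, -i  :", keyword_search(SAMPLE_EVENTS, "mimikatz", ignore_case=True))
    print("keyword, case:", keyword_search(SAMPLE_EVENTS, "mimikatz", ignore_case=False))
    print("EventID =4104:", tau_search(SAMPLE_EVENTS, "Event.System.EventID: =4104"))
```

The case-sensitive run misses the upper-case MIMIKATZ.EXE process name, which is why -i is the usual default when hunting for tool names in logs.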


Hunting analysis of logs using Chainsaw's built-in rules:

The command chainsaw.exe hunt -r rules/ {Log Path} uses the hunt subcommand and applies the Chainsaw-format rules found in the rules/ directory (the -r flag) to the logs.


Command:- chainsaw.exe hunt -r rules/ {Log Path}


Hunting analysis of logs using Sigma rules:

The command chainsaw.exe hunt -s sigma/ --mapping mappings/sigma-event-logs-all.yml loads Sigma rules from the sigma/ directory (the -s flag) and, because Sigma is a third-party rule format, also needs a mapping file (--mapping) that instructs Chainsaw how to interpret those rules against the event log fields.


Command:- chainsaw.exe hunt -s sigma/ --mapping mappings/sigma-event-logs-all.yml
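Both hunt commands produce detections that still need triage. Chainsaw can emit its results as JSON (--json), and the Python below, an added example that is not part of the original post and not Chainsaw's own code, ranks such output by rule level and shows which rules fired on which hosts. The field names in the embedded sample (name, level, timestamp, document.data.Event.System.Computer) follow the shape assumed for Chainsaw's JSON output and should be checked against your version; the rule names, hosts and timestamps are constructed.

```python
import json

# Sigma-style severity order, lowest to highest, used for filtering.
LEVELS = ["informational", "low", "medium", "high", "critical"]

# Constructed hunt output. The field layout is an assumption about
# `chainsaw hunt ... --json` (verify against your version); all values are made up.
SAMPLE_HUNT_JSON = """[
  {"name": "Example Rule A (constructed)", "level": "high", "source": "sigma",
   "timestamp": "2023-11-18T10:02:11Z", "tags": ["attack.execution"],
   "document": {"kind": "evtx", "path": "C:/Logs/PowerShell.evtx",
                "data": {"Event": {"System": {"EventID": 4104, "Computer": "WS01"}}}}},
  {"name": "Example Rule B (constructed)", "level": "medium", "source": "chainsaw",
   "timestamp": "2023-11-18T09:58:40Z", "tags": [],
   "document": {"kind": "evtx", "path": "C:/Logs/Security.evtx",
                "data": {"Event": {"System": {"EventID": 4688, "Computer": "WS01"}}}}},
  {"name": "Example Rule A (constructed)", "level": "high", "source": "sigma",
   "timestamp": "2023-11-18T10:05:02Z", "tags": ["attack.execution"],
   "document": {"kind": "evtx", "path": "C:/Logs/PowerShell.evtx",
                "data": {"Event": {"System": {"EventID": 4104, "Computer": "SRV02"}}}}},
  {"name": "Example Rule C (constructed)", "level": "low", "source": "sigma",
   "timestamp": "2023-11-18T08:00:00Z", "tags": [],
   "document": {"kind": "evtx", "path": "C:/Logs/Security.evtx",
                "data": {"Event": {"System": {"EventID": 4624, "Computer": "WS01"}}}}}
]"""


def level_rank(level):
    """Numeric rank of a Sigma-style level; unknown or missing levels rank lowest."""
    level = (level or "").lower()
    return LEVELS.index(level) if level in LEVELS else -1


def host_of(detection):
    """Source host of the matched event (Event.System.Computer), if present."""
    try:
        return detection["document"]["data"]["Event"]["System"]["Computer"]
    except (KeyError, TypeError):
        return "<unknown>"


def triage(json_text, min_level="medium"):
    """Parse hunt JSON, drop detections below min_level, and return the rest
    oldest first as (timestamp, level, rule name, host) tuples."""
    detections = json.loads(json_text)
    floor = level_rank(min_level)
    kept = [d for d in detections if level_rank(d.get("level")) >= floor]
    kept.sort(key=lambda d: d.get("timestamp", ""))
    return [(d.get("timestamp"), d.get("level"), d.get("name"), host_of(d)) for d in kept]


def summarize(json_text):
    """Detection counts per level and per rule, plus the sorted set of affected hosts."""
    detections = json.loads(json_text)
    by_level, by_rule, hosts = {}, {}, set()
    for d in detections:
        by_level[d.get("level")] = by_level.get(d.get("level"), 0) + 1
        by_rule[d.get("name")] = by_rule.get(d.get("name"), 0) + 1
        hosts.add(host_of(d))
    return {"by_level": by_level, "by_rule": by_rule, "hosts": sorted(hosts)}


if __name__ == "__main__":
    for row in triage(SAMPLE_HUNT_JSON, "medium"):
        print(*row)
    print(summarize(SAMPLE_HUNT_JSON))
```

Sorting by timestamp after filtering by level gives a first timeline across both rule sets, and the host list tells you whether a rule fired on one machine or spread across several.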


These commands cover the common log analysis scenarios: targeted keyword and Event ID searches, and hunts with either Chainsaw's own rules or Sigma rule sets.


Akash Patel



© 2023 by Cyberengage. All rights reserved.
