Releases: WithSecureLabs/chainsaw
v2.8.1
This release contains the following changes of note:
- Fixes and tweaks for SRUM
- Updated dependencies
v2.8.0
This release contains the following changes of note:
- Support for parsing ESE databases and analysing SRUM databases
- New Chainsaw rules
- Full output support for aggregations
v2.7.3
This release contains the following changes of note:
- New Chainsaw rules
- Fixing JSONL outputting issues for dump and search
- Updated dependencies
v2.7.2
This release contains the following changes of note:
- More optimisations
- Fix some issues with -t arguments
v2.7.1
This release contains the following changes of note:
- Fix mutually exclusive command line options: -c can only be used with --jsonl
- Error if caching file cannot be created
- Make sure thread count is respected everywhere
- Better handling of Sigma rules (warn on unknown modifiers, and support base64 conversions)
- Additional optimisations to JSONL output
v2.7.0
This release contains the following changes of note:
- Add cache to disk support for JSONL output
- Add file path to CSV output
- Fix for newline output issue in tabular output
- Rule loading warnings should highlight output as a warning
- Tweaks and improvements to mappings and rules
v2.6.2
This release contains the following changes of note:
- Adds array indexing support to key identifiers (tau-engine), which also fixes some chainsaw rules...
v2.6.1
This release contains the following changes of note:
- Fix hunts not running on .jsonl files
- Bring in some false positive reduction for the default Sigma rules mapping file
v2.6.0
This release contains the following changes of note:
- A new feature for creating execution timelines using shimcache artifacts with optional amcache enrichment
- Added functionality to parse Windows registry hive files
- Fixed a missing check to make sure that the path is not a file when using csv, to prevent time wasting
- Upgraded to the new Tau engine that has full support for floats