Open
Description
Hello,
Would it be possible to provide some documentation or guidance on how to expand the functionality of Chainsaw using Sigma rules and Chainsaw's mapping file?
I've spoken with a number of people in the DFIR community who would love to be able to contribute and build on what is already an amazing tool, but who have struggled to understand how to write new rules and then map them to Chainsaw's output (myself included!).
I'd be more than happy to collate some ideas for detection rules if that would help the process in any way.
Any help, support or resource you can offer would be greatly appreciated.
Many thanks,
Tom