Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. The tool is designed to assist in the first-response stage of a security engagement and can also help blue teams triage entries relevant to the investigation.
Read full article on Bleeping Computer