Feature Request: Event Log ID / Sigma Summary

[ssnkhan]

Would be helpful if chainsaw could provide high level stats detailing the frequency of event code IDs observed in an Event Log, like Eric Zimmerman's evtxecmd tool. Potential usage would be chainsaw hunt --stats-only evtx_attack_samples.

Event ID        Count
300             1
400             666
403             404
600             4,939
800             197

Another option --stats-only-sigma would produce a similar frequency table, but with a count of Sigma hits.

Thanks for this amazing tool!

[dbissell6]

I am creating a tool to plot this output, I was already planning on implementing this stats idea, i don't know if this helps anyone or not.

It also plots AWS logs and you can see how the stats output is looking for that.

https://github.com/dbissell6/Thundaga