Chainsaw — designed as a “first-response” capability for quickly identifying threats in Windows event logs.
Chainsaw offers a “generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules” — written in Rust and accessible via the command line.
Chainsaw's capabilities include searching event logs by event ID, keyword, and regex pattern; extracting and parsing Windows Defender, F-Secure, Sophos, and Kaspersky AV alerts; built-in detections for key event logs being cleared or the event log service being stopped, users being created or added to sensitive groups, brute-force attempts against local user accounts, and RDP and network logons; and running Sigma rules against a wide variety of Windows event IDs. Chainsaw is open source, so security folks can get it for free.
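As an added illustration of the kind of built-in detection logic described above (example code written for this page, not Chainsaw's own Rust code), the following Python script runs several of those checks over a handful of constructed Windows Security event records. The record layout (`Event.System` / `Event.EventData` keys) mirrors the usual EVTX-to-JSON flattening and is an assumption of the example; the event IDs, `LogonType` values and group names are the standard Windows ones, while the brute-force threshold and window are illustrative choices, not Chainsaw's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows Security/System log event IDs for the behaviours listed above.
LOG_TAMPER_IDS = {
    1102: "Security log cleared",
    104: "System or Application log cleared",
    1100: "event logging service shut down",
}
GROUP_CHANGE_IDS = {4728: "global", 4732: "local", 4756: "universal"}  # member added to a group
SENSITIVE_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins",
                    "Schema Admins", "Backup Operators", "Remote Desktop Users"}
LOGON_TYPES = {10: "RDP (RemoteInteractive) logon", 3: "network logon"}  # 4624 LogonType values
BRUTE_FORCE_THRESHOLD = 5                   # illustrative: failed logons (4625) for one account ...
BRUTE_FORCE_WINDOW = timedelta(minutes=5)   # ... within this window


def _rec(eid, time, channel="Security", **data):
    """Build one record in the assumed EVTX-to-JSON layout (constructed, not real telemetry)."""
    return {"Event": {"System": {"EventID": eid, "Channel": channel, "Computer": "WS01",
                                 "TimeCreated": {"SystemTime": time}},
                      "EventData": data}}


def _ts(rec):
    return datetime.fromisoformat(
        rec["Event"]["System"]["TimeCreated"]["SystemTime"].replace("Z", "+00:00"))


def detect(records):
    """Return (timestamp, rule, detail) hits in time order for the checks above."""
    hits = []
    failures = defaultdict(list)  # TargetUserName -> recent 4625 timestamps
    for rec in sorted(records, key=_ts):
        eid = rec["Event"]["System"]["EventID"]
        data = rec["Event"].get("EventData", {})
        when = _ts(rec)
        if eid in LOG_TAMPER_IDS:
            hits.append((when, "log tampering", LOG_TAMPER_IDS[eid]))
        elif eid == 4720:
            hits.append((when, "user created",
                         f"{data.get('TargetUserName')} created by {data.get('SubjectUserName')}"))
        elif eid in GROUP_CHANGE_IDS and data.get("TargetUserName") in SENSITIVE_GROUPS:
            # For the 47xx group events the group is in TargetUserName and the member in MemberName.
            hits.append((when, "sensitive group membership",
                         f"{data.get('MemberName')} added to {GROUP_CHANGE_IDS[eid]} group "
                         f"{data['TargetUserName']} by {data.get('SubjectUserName')}"))
        elif eid == 4624 and data.get("LogonType") in LOGON_TYPES:
            hits.append((when, LOGON_TYPES[data["LogonType"]],
                         f"{data.get('TargetUserName')} from {data.get('IpAddress')}"))
        elif eid == 4625:
            user = data.get("TargetUserName")
            recent = [t for t in failures[user] if when - t <= BRUTE_FORCE_WINDOW] + [when]
            failures[user] = recent
            if len(recent) == BRUTE_FORCE_THRESHOLD:  # fire once, when the threshold is crossed
                hits.append((when, "brute force",
                             f"{len(recent)} failed logons for {user} within {BRUTE_FORCE_WINDOW}"))
    return hits


# Constructed sample records: an RDP logon, six failed logons in one minute followed by
# a successful network logon as that account, account creation, a privileged group add,
# a non-privileged group add (no hit expected), then log clearing and service shutdown.
SAMPLE_RECORDS = [
    _rec(4624, "2024-05-01T09:00:00Z", LogonType=10, TargetUserName="jdoe", IpAddress="10.0.0.23"),
    *[_rec(4625, f"2024-05-01T09:01:{s:02d}Z", LogonType=3, TargetUserName="administrator",
           IpAddress="10.0.0.99") for s in range(0, 60, 10)],
    _rec(4624, "2024-05-01T09:02:00Z", LogonType=3, TargetUserName="administrator",
         IpAddress="10.0.0.99"),
    _rec(4720, "2024-05-01T09:03:00Z", TargetUserName="svc_backup", SubjectUserName="administrator"),
    _rec(4732, "2024-05-01T09:03:30Z", TargetUserName="Administrators",
         MemberName="WS01\\svc_backup", SubjectUserName="administrator"),
    _rec(4732, "2024-05-01T09:03:40Z", TargetUserName="Users",
         MemberName="WS01\\svc_backup", SubjectUserName="administrator"),
    _rec(1102, "2024-05-01T09:10:00Z", SubjectUserName="administrator"),
    _rec(1100, "2024-05-01T09:10:05Z"),
]

if __name__ == "__main__":
    for when, rule, detail in detect(SAMPLE_RECORDS):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {rule:<28} {detail}")
```

Run as a script, it lists seven hits in time order, with the brute-force rule firing once at the fifth failure rather than once per failed logon. The real tool works on raw `.evtx` files and applies its own rule set and thresholds; the point of the script is only to show what "built-in detection logic" over these event IDs amounts to.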