[&] How does Chainsaw help in threat identification?
- By detecting abnormal user activity through event frequency and anomaly scoring
- By exporting EVTX logs into CSV format for external analysis in a SIEM
- By correlating event logs with YARA signatures to detect suspicious file behavior
- By scanning for and highlighting known attacker behavior patterns in Windows event logs using Sigma rules -- Correct

[&] What is the primary use of Chainsaw in Windows log analysis?
- To rapidly search and hunt through Windows forensic artifacts -- Correct
- To perform real-time network security monitoring
- To replace the Windows Event Viewer for log analysis
- To serve as a general-purpose file editor

[&] What is the role of Sigma in the log analysis process demonstrated in the lab?
- To back up the Windows system before analysis
- To filter out non-relevant logs
- To provide a rule-based approach for detecting threats -- Correct
- To visualize data in graphical form