How to use the timesketch.lib.analyzers.manager.AnalysisManager class in timesketch

To help you get started, we’ve selected a few timesketch examples, based on popular ways it is used in public projects.


github google / timesketch / timesketch / lib / analyzers / browser_timeframe.py View on Github external
this_hour_count = hour_count.get(hour)
            event.add_attributes(
                {'activity_summary': (
                    'Number of events for this hour ({0:d}): {1:d}, with the '
                    'threshold value: {2:0.2f}').format(
                        hour, this_hour_count, threshold),
                 'hour_count': this_hour_count})
            event.add_emojis([sleeping_emoji])
            event.commit()

        return (
            'Tagged {0:d} out of {1:d} events as outside of normal '
            'active hours.').format(data_frame_outside.shape[0], total_count)


# Import-time side effect: adds this plugin to the AnalysisManager registry so
# it can later be looked up by name (manager.AnalysisManager.get_analyzer) and
# instantiated by the Celery task that runs sketch analyzers.
manager.AnalysisManager.register_analyzer(BrowserTimeframeSketchPlugin)
github google / timesketch / timesketch / lib / analyzers / account_finder.py View on Github external
found_account = event.source.get('found_account')

                accounts_found.setdefault(account_tag, {})
                accounts_found[account_tag].setdefault(found_account, 0)
                accounts_found[account_tag][found_account] += 1

        if accounts_found:
            return (
                '{0:s} identified use of the following accounts: '
                '{1!s}'.format(self.NAME, accounts_found))

        return 'Account finder was unable to extract any accounts.'


# Import-time side effect: adds this plugin to the AnalysisManager registry so
# it can later be looked up by name (manager.AnalysisManager.get_analyzer) and
# instantiated by the Celery task that runs sketch analyzers.
manager.AnalysisManager.register_analyzer(AccountFinderSketchPlugin)
github google / timesketch / timesketch / lib / analyzers / ntfs_timestomp.py View on Github external
for file_info in file_infos.values():
            if self.handle_timestomp(file_info):
                timestomps = timestomps + 1


        if timestomps > 0:
            self.sketch.add_view(
                view_name='NtfsTimestomp', analyzer_name=self.NAME,
                query_string='_exists_:time_delta or _exists:time_deltas')


        return ('NtfsTimestomp Analyzer done, found {0:d} timestomped events'
                .format(timestomps))


# Import-time side effect: adds this plugin to the AnalysisManager registry so
# it can later be looked up by name (manager.AnalysisManager.get_analyzer) and
# instantiated by the Celery task that runs sketch analyzers.
manager.AnalysisManager.register_analyzer(NtfsTimestompSketchPlugin)
github google / timesketch / timesketch / lib / tasks.py View on Github external
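def run_sketch_analyzer(index_name, sketch_id, analysis_id, analyzer_name,
                        **kwargs):
    """Run a sketch analyzer; this is the body of the Celery analyzer task.

    The analyzer class is resolved by name from the AnalysisManager registry
    (populated by manager.AnalysisManager.register_analyzer at import time),
    instantiated against the given sketch and index, and executed through its
    ``run_wrapper`` method.

    Args:
        index_name: Name of the datastore index.
        sketch_id: ID of the sketch to analyze.
        analysis_id: ID of the analysis.
        analyzer_name: Name of the analyzer, as registered with
            manager.AnalysisManager.register_analyzer.
        **kwargs: Extra keyword arguments forwarded verbatim to the analyzer
            constructor.

    Returns:
      Name (str) of the index.

    Raises:
        Whatever manager.AnalysisManager.get_analyzer raises for an unknown
        analyzer name (presumably KeyError -- confirm against manager.py).
    """
    # analyzer_name is only used as a registry key; no dynamic import happens
    # here, so an unknown name fails at the lookup below.
    analyzer_class = manager.AnalysisManager.get_analyzer(analyzer_name)
    analyzer = analyzer_class(
        sketch_id=sketch_id, index_name=index_name, **kwargs)

    result = analyzer.run_wrapper(analysis_id)
    # Lazy %-style logging: the message is only rendered when INFO is enabled,
    # and '%s' accepts any object, whereas a '{:s}' format spec raises for
    # non-str values (e.g. None) -- which would turn a completed analysis into
    # a failed task should run_wrapper ever return something other than a str.
    logging.info('[%s] result: %s', analyzer_name, result)
    return index_name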
github google / timesketch / timesketch / lib / analyzers / phishy_domains.py View on Github external
view_name='Phishy Domains', analyzer_name=self.NAME,
                query_string='tag:"phishy-domain"')

            if whitelist_encountered:
                self.sketch.add_view(
                    view_name='Phishy Domains, excl. whitelist',
                    analyzer_name=self.NAME,
                    query_string=(
                        'tag:"phishy-domain" AND NOT tag:"whitelisted-domain"'))

        return (
            '{0:d} potentially phishy domains discovered.').format(
                similar_domain_counter)


# Import-time side effect: adds this plugin to the AnalysisManager registry so
# it can later be looked up by name (manager.AnalysisManager.get_analyzer) and
# instantiated by the Celery task that runs sketch analyzers.
manager.AnalysisManager.register_analyzer(PhishyDomainsSketchPlugin)