Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add json and tab output to CLI client #2818

Merged
merged 5 commits into from
Jul 6, 2023
Merged

Add json and tab output to CLI client #2818

merged 5 commits into from
Jul 6, 2023

Conversation

jaegeral
Copy link
Collaborator

@jaegeral jaegeral commented Jul 6, 2023
edited
Loading

Description

This pull request adds two new output formats to the timesketch analyze list analyzers module: JSON and tabular. The JSON format will output a list of analyzers in JSON format, while the tabular format will output a list of analyzers in a tabular format.

Changes

The following changes were made:

Added two new output formats to the timesketch analyze list analyzers module: JSON and tabular.
Updated the documentation to reflect the new output formats.

How to test

To test the new output formats, run the following command:

timesketch analyze list analyzers --output json

This will output a list of analyzers in JSON format.

timesketch --sketch 1 analyze list --output-format json
[{'name': 'login', 'display_name': 'Windows logon/logoff events', 'description': 'Mark Windows logon and logoff events', 'is_multi': False}, {'name': 'ntfs_timestomp', 'display_name': 'NTFS timestomp detection', 'description': 'Compares timestamps in NTFS to detect potential timestomp', 'is_multi': False},
...

To run the new output formats in tabular format, run the following command:

timesketch analyze list analyzers --output tabular

This will output a list of analyzers in a tabular format.

timesketch --sketch 1 analyze list --output-format tabular
Name	Display Name	Is Multi
login	Windows logon/logoff events	False
ntfs_timestomp	NTFS timestomp detection	False
chain	Chain linked events	False
tagger	Tagger	True
ssh_sessionizer	SSH sessions	False
...

To just get text (the default one):

timesketch --sketch 1 analyze list --output-format text
login
ntfs_timestomp
chain
tagger
ssh_sessionizer
sigma
...

Related to #2608

@jaegeral jaegeral requested a review from jkppr July 6, 2023 11:50
jkppr
jkppr approved these changes Jul 6, 2023
View reviewed changes
Copy link
Collaborator

@jkppr jkppr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm
Just one question below on the json output

cli_client/python/timesketch_cli_client/commands/analyze.py Outdated Show resolved Hide resolved
@jaegeral jaegeral requested a review from jkppr July 6, 2023 12:46
@jaegeral jaegeral merged commit 34c7c35 into google:master Jul 6, 2023
20 checks passed
@jaegeral jaegeral mentioned this pull request Jul 6, 2023
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkppr jkppr Awaiting requested review from jkppr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jaegeral @jkppr