

Add timesketch query attribute container (#909)
tomchop authored Aug 23, 2024
1 parent d8ac59b commit 8ef4bb6
Showing 1 changed file with 34 additions and 0 deletions.
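--- a/dftimewolf/lib/containers/containers.py
+++ b/dftimewolf/lib/containers/containers.py
@@ -849,3 +849,37 @@ def __str__(self) -> str:
 def __eq__(self, other: TimesketchSavedSearch) -> bool:
 """Override __eq__() for this container."""
 return self.name == other.name
+
+
+class TimesketchQuery(TimesketchSavedSearch):
+"""Timesketch Query container. Contains results of a search.
+Attributes:
+name: Name of the saved search.
+description: Description of the saved search.
+query: The search query to save.
+date: Optional date to restrain the saved search to.
+minutes_before: Number of minutes to include before the date.
+minutes_after: Number of minutes to include after the date.
+results: The results of the query in a given sketch ID.
+sketch_id: The sketch ID associated with the query.
+"""
+
+CONTAINER_TYPE = "timesketch_query"
+
+def __init__(
+self,
+name: str,
+description: str,
+query: str,
+date: Optional[datetime.datetime] = None,
+minutes_before: int = 5,
+minutes_after: int = 5,
+sketch_id: int | None = None,
+results: pandas.DataFrame | None = None,
+):
+super().__init__(
+name, description, query, date, minutes_before, minutes_after
+)
+self.sketch_id = sketch_id
+self.results = results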
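Review bot: `TimesketchQuery` adds `sketch_id` and `results` but inherits the `__eq__` shown in the context lines above it, which compares only `name`, so two query containers with the same name that come from different sketches or carry different result sets compare equal. If anything downstream de-duplicates or matches containers by equality (not visible in this hunk), evidence from one sketch could be silently dropped or attributed to another, which matters for a forensic pipeline. Consider overriding `__eq__` in the new class, for example `return (self.name, self.query, self.sketch_id) == (other.name, other.query, other.sketch_id)`, and state in the class docstring whether `results` is part of a container's identity. The attribute descriptions also still say "saved search" and should describe the query container instead.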
