Run selected/analyzers from "timesketch importer"

[hasamba]

im using a script that creates a plaso file from kape output and upload the output file to timesketch,
it would be very helpful if there will be an argument for timesketch_importer that will auto run selected or all analyzers/tagger after uploads and indexing finishes.

thanks

[jkppr]

Hi @hasamba
We are using dftimewolf for this use-case and its TimesketchExporter module supports triggering Analyzers on the uploaded timelines. For example with the upload_ts recipe.

Adding this feature to the timesketch_importer is not on the road map for now, but something that sounds like a great opportunity for a community contribution. I'm happy to review the PR if anyone wants to take a stab.

[wiredinhp]

@hasamba @jkppr Hi there ! I am a new contributor to this repository and would love to contribute by solving this issue. Could you please assign this issue to me ?

[jkppr]

Hi @wiredinhp thanks for offering to implement this feature request. I have assigned you the issue.

• Please find the getting started guide here: https://timesketch.org/developers/getting-started/
• Feel free to submit a draft PR early to gather some review feedback.