AnalysisPlugin
48 views
Skip to first unread message
Jonas Plum
Oct 19, 2017, 9:42:03 AM10/19/17
to log2timeline-discuss
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.
Daniel White
Oct 19, 2017, 1:48:11 PM10/19/17
to Jonas Plum, log2timeline-discuss
Hey Jonas,
The way to do this to add tags for events you want to add information to - take a look at the nsrl or viper plugins for inspiration.
-Daniel
On Thu, 19 Oct 2017 at 06:42 Jonas Plum <goo...@jonasplum.de> wrote:
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.
--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
To post to this group, send email to log2timeli...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jonas Plum
Oct 20, 2017, 10:47:03 AM10/20/17
to log2timeline-discuss
Hi Daniel,
thanks for the reply. Labels are quite limited as they cannot store any non-ASCII character. Is there any other option?
Jonas
Am Donnerstag, 19. Oktober 2017 19:48:11 UTC+2 schrieb Daniel White:
Hey Jonas,The way to do this to add tags for events you want to add information to - take a look at the nsrl or viper plugins for inspiration.-Daniel
On Thu, 19 Oct 2017 at 06:42 Jonas Plum <goo...@jonasplum.de> wrote:
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.
Daniel White
Oct 20, 2017, 12:04:22 PM10/20/17
to Jonas Plum, log2timeline-discuss
What sort of information are you trying to apply to the events? We can adjust the validation for tags if that's the main problem. From a quick look, we could probably just reject tags that contain whitespace, rather than the current stricter form.
-Daniel
On Fri, 20 Oct 2017 at 07:47 Jonas Plum <goo...@jonasplum.de> wrote:
Hi Daniel,thanks for the reply. Labels are quite limited as they cannot store any non-ASCII character. Is there any other option?Jonas
Am Donnerstag, 19. Oktober 2017 19:48:11 UTC+2 schrieb Daniel White:Hey Jonas,The way to do this to add tags for events you want to add information to - take a look at the nsrl or viper plugins for inspiration.-DanielOn Thu, 19 Oct 2017 at 06:42 Jonas Plum <goo...@jonasplum.de> wrote:
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
To post to this group, send email to log2timeli...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
Jonas Plum
Oct 20, 2017, 12:09:32 PM10/20/17
to log2timeline-discuss
I want to add paths to the events. I wrote an analysis plugin to apply complete paths to events parsed from the MFT.
Am Freitag, 20. Oktober 2017 18:04:22 UTC+2 schrieb Daniel White:
What sort of information are you trying to apply to the events? We can adjust the validation for tags if that's the main problem. From a quick look, we could probably just reject tags that contain whitespace, rather than the current stricter form.-Daniel
On Fri, 20 Oct 2017 at 07:47 Jonas Plum <goo...@jonasplum.de> wrote:
Hi Daniel,thanks for the reply. Labels are quite limited as they cannot store any non-ASCII character. Is there any other option?Jonas
Am Donnerstag, 19. Oktober 2017 19:48:11 UTC+2 schrieb Daniel White:Hey Jonas,The way to do this to add tags for events you want to add information to - take a look at the nsrl or viper plugins for inspiration.-DanielOn Thu, 19 Oct 2017 at 06:42 Jonas Plum <goo...@jonasplum.de> wrote:
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.
To post to this group, send email to log2timeli...@googlegroups.com.--
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.
Daniel White
Oct 20, 2017, 4:36:10 PM10/20/17
to Jonas Plum, log2timeline-discuss
OK, that sounds reasonable, and I can see why tags aren't a good fit. I'll think a little more how best to do this and get back to you.
-Daniel
On Fri, 20 Oct 2017 at 09:09 Jonas Plum <goo...@jonasplum.de> wrote:
I want to add paths to the events. I wrote an analysis plugin to apply complete paths to events parsed from the MFT.
Am Freitag, 20. Oktober 2017 18:04:22 UTC+2 schrieb Daniel White:What sort of information are you trying to apply to the events? We can adjust the validation for tags if that's the main problem. From a quick look, we could probably just reject tags that contain whitespace, rather than the current stricter form.-Daniel
On Fri, 20 Oct 2017 at 07:47 Jonas Plum <goo...@jonasplum.de> wrote:
Hi Daniel,thanks for the reply. Labels are quite limited as they cannot store any non-ASCII character. Is there any other option?Jonas
Am Donnerstag, 19. Oktober 2017 19:48:11 UTC+2 schrieb Daniel White:Hey Jonas,The way to do this to add tags for events you want to add information to - take a look at the nsrl or viper plugins for inspiration.-DanielOn Thu, 19 Oct 2017 at 06:42 Jonas Plum <goo...@jonasplum.de> wrote:
How can events be altered in an AnalysisPlugin? I want to add further information to specific events, which can be searched in elasticsearch afterwards.--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
To post to this group, send email to log2timeli...@googlegroups.com.--
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
To post to this group, send email to log2timeli...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages