Added import stream object for more flexible data upload #1004
Conversation
|
This is still WIP, just uploading to demonstrate a bit where I was going with this. Still need to test it (haven't tested it once), which will most likely results in some unit tests being added as well as major or minor changes to the actual code. |
kiddinn
changed the title
kiddinn
changed the title
| string_items.append('{0:s} = {{0!s}}'.format(column)) | ||
| format_message_string = ' '.join(string_items) | ||
|
|
||
| response = None |
There was a problem hiding this comment.
maybe rename to streamer_response ?
| return 'No return value.' | ||
|
|
||
| return_lines = [] | ||
| for timesketch_object in response.get('objects', []): |
timesketch/api/v1/resources.py
Outdated
| @@ -1368,6 +1369,50 @@ def post(self, sketch_id): | |||
| annotations, status_code=HTTP_STATUS_CODE_CREATED) | |||
|
|
|||
|
|
|||
| class AnalyzerPipelineResource(ResourceMixin, Resource): | |||
There was a problem hiding this comment.
Maybe we want to extend this to also accept an analyzer name? So we can run a specific analyzer instead of all.
There was a problem hiding this comment.
that is already supported in the AnalyzerRunResource
Decided to do this differently, removed this entire resource, merged it with the run resource, and made it so that we can run a single or multiple analyzers.
There was a problem hiding this comment.
also deleted the form so that we now just use request.json instead of the form
| # Create the search index in the Timesketch database | ||
| searchindex = SearchIndex.get_or_create( | ||
| # Check if search index already exists. | ||
| searchindex = SearchIndex.query.filter_by( |
There was a problem hiding this comment.
hm, why not use get_or_create() here?
There was a problem hiding this comment.
I don't want to create one here if it doesn't exist, only querying whether it exists or not.
| @@ -0,0 +1,201 @@ | |||
| # Create Timeline From Other Sources | |||
There was a problem hiding this comment.
Kudos for great documentation :)
There was a problem hiding this comment.
;)
there are some TODOs there though
| string_items.append('{0:s} = {{0!s}}'.format(column)) | ||
| format_message_string = ' '.join(string_items) | ||
|
|
||
| response = None |
| return 'No return value.' | ||
|
|
||
| return_lines = [] | ||
| for timesketch_object in response.get('objects', []): |
| @@ -0,0 +1,201 @@ | |||
| # Create Timeline From Other Sources | |||
There was a problem hiding this comment.
;)
there are some TODOs there though
timesketch/api/v1/resources.py
Outdated
| @@ -1368,6 +1369,50 @@ def post(self, sketch_id): | |||
| annotations, status_code=HTTP_STATUS_CODE_CREATED) | |||
|
|
|||
|
|
|||
| class AnalyzerPipelineResource(ResourceMixin, Resource): | |||
There was a problem hiding this comment.
that is already supported in the AnalyzerRunResource
Decided to do this differently, removed this entire resource, merged it with the run resource, and made it so that we can run a single or multiple analyzers.
timesketch/api/v1/resources.py
Outdated
| @@ -1368,6 +1369,50 @@ def post(self, sketch_id): | |||
| annotations, status_code=HTTP_STATUS_CODE_CREATED) | |||
|
|
|||
|
|
|||
| class AnalyzerPipelineResource(ResourceMixin, Resource): | |||
There was a problem hiding this comment.
also deleted the form so that we now just use request.json instead of the form
| # Create the search index in the Timesketch database | ||
| searchindex = SearchIndex.get_or_create( | ||
| # Check if search index already exists. | ||
| searchindex = SearchIndex.query.filter_by( |
There was a problem hiding this comment.
I don't want to create one here if it doesn't exist, only querying whether it exists or not.
|
@berggren PTAL |
Adding an import stream object that has the ability to:
Other features: