Closed hasamba closed 1 year ago
Hi @hasamba, thanks for opening this issue. Could you please share the database fields your hashR instance is using with me here? Based on the error message, I assume something changed with the database fields of hashR since I wrote the analyzer.
I'll try to fix that, but some data to verify this assumption would help.
Hi @jkppr, it seems the db is empty. I'm sorry, but I didn't understand that I have to run something before; I just created the db and user and uncommented it in the Timesketch config... I thought that Timesketch would fill the db for me. Now I understand that I needed to install hashR.
Sorry
You can build your own hashR database using this project: https://github.com/google/hashr. The database that is created using hashR is then compatible with the hashR analyzer for lookups.
I'll try to catch that error and make it more obvious for future users :)
Describe the bug
hashr does not work

To Reproduce
Steps to reproduce the behavior: run Hashr analyzer

Screenshots

Additional context
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/timesketch/lib/analyzers/interface.py", line 1173, in run_wrapper
    result = self.run()
  File "/usr/local/lib/python3.10/dist-packages/timesketch/lib/analyzers/hashr_lookup.py", line 306, in run
    matching_hashes = self.check_against_hashr(list(hash_events_dict.keys()))
  File "/usr/local/lib/python3.10/dist-packages/timesketch/lib/analyzers/hashr_lookup.py", line 149, in check_against_hashr
    samples_table = meta_data.tables["samples"]
KeyError: 'samples'
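
The `KeyError` in the traceback comes from looking up `samples` in the metadata's table map when the database has no such table. The following is an added example, not the Timesketch project's code, of a pre-flight check that turns this into an explicit error. The function name, the exception class, and the in-memory SQLite databases with a constructed `samples` table are assumptions made for illustration.

```python
from sqlalchemy import MetaData, create_engine, text


class HashRSchemaError(RuntimeError):
    """Raised when the configured database lacks the tables the lookup needs."""


def get_samples_table(engine, required=("samples",)):
    """Reflect the schema and return the samples table, or fail with a clear message."""
    meta_data = MetaData()
    meta_data.reflect(bind=engine)
    missing = [name for name in required if name not in meta_data.tables]
    if missing:
        found = sorted(meta_data.tables) or ["<none>"]
        raise HashRSchemaError(
            f"hashR database is missing table(s) {missing}; found: {found}. "
            "The database must be populated by hashR before lookups can run."
        )
    return meta_data.tables["samples"]


def demo():
    # Constructed stand-in: a freshly created database that hashR never filled.
    empty = create_engine("sqlite://")
    try:
        get_samples_table(empty)
        empty_result = "ok"
    except HashRSchemaError as err:
        empty_result = str(err)

    # Constructed stand-in: a database that does contain a samples table.
    # The single column here is illustrative, not hashR's real schema.
    populated = create_engine("sqlite://")
    with populated.begin() as conn:
        conn.execute(text("CREATE TABLE samples (sha256 TEXT PRIMARY KEY)"))
    table = get_samples_table(populated)
    return empty_result, table.name


if __name__ == "__main__":
    for line in demo():
        print(line)
```
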