log2timeline / dftimewolf

A framework for orchestrating forensic collection, processing and data export
Apache License 2.0

Feature Request: Uploading PCAP to Timesketch #928

Open JakePeralta7 opened 2 weeks ago

JakePeralta7 commented 2 weeks ago

Plaso doesn't parse PCAP files, and I think it can be a very useful processor.

Parsing PCAP files can be easily accomplished using scapy or pyshark.
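Added example (not code from the dftimewolf, Plaso or Timesketch projects): a minimal, standard-library converter that walks a classic libpcap file and emits one Timesketch JSONL event per TCP/UDP packet, carrying the `message`, `datetime` and `timestamp_desc` fields the Timesketch importer requires. It avoids scapy/pyshark so it runs offline; the two-packet capture it parses is constructed inline, and a truncated final record is dropped rather than turned into a bogus event.

```python
import json
import struct
from datetime import datetime, timezone

PROTO_NAMES = {6: "tcp", 17: "udp"}

def build_sample_pcap():
    """Constructed two-packet Ethernet/IPv4 capture (sample data, not a real capture)."""
    def frame(ts, proto, src, dst, sport, dport):
        eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4  # ports, then filler bytes
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        pkt = eth + ip + l4
        return struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt  # per-record header
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return (header + frame(1700000000, 17, "10.0.0.5", "10.0.0.1", 53211, 53)
            + frame(1700000007, 6, "10.0.0.5", "203.0.113.10", 44122, 443))

def iter_packets(data):  # yields (ts_sec, ts_usec, link_type, packet_bytes) from a libpcap file
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # writer's byte order
    if endian is None:
        raise ValueError("not a classic libpcap file (pcapng/nanosecond variants unsupported)")
    link_type, = struct.unpack_from(endian + "I", data, 20)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break  # truncated final record: stop rather than emit a bogus event
        yield ts_sec, ts_usec, link_type, data[off:off + incl_len]
        off += incl_len

def packet_to_event(ts_sec, ts_usec, link_type, pkt):  # -> Timesketch event dict, or None
    if link_type != 1 or len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None  # only Ethernet + IPv4 is handled here
    proto, l4 = pkt[23], 14 + (pkt[14] & 0x0F) * 4  # IP protocol number, L4 header offset
    if proto not in PROTO_NAMES or len(pkt) < l4 + 4:
        return None
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
    sport, dport = struct.unpack_from("!HH", pkt, l4)
    when = datetime.fromtimestamp(ts_sec + ts_usec / 1e6, tz=timezone.utc)
    return {  # message, datetime and timestamp_desc are the fields Timesketch requires
        "message": f"{PROTO_NAMES[proto]} {src}:{sport} -> {dst}:{dport}",
        "datetime": when.isoformat(), "timestamp_desc": "Packet Captured"}

def pcap_to_jsonl(data):  # one JSON object per line, as Timesketch's JSONL importer expects
    events = (packet_to_event(*p) for p in iter_packets(data))
    return "\n".join(json.dumps(e) for e in events if e)
```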

ramo-j commented 2 weeks ago

I like the idea, but this feature would probably be better living in timesketch (or indeed plaso). Have you raised FRs there?

Reason being, there are multiple upload methods to Timesketch, DFTW being only one of them. It would make sense to me that TS does the parsing of the pcap, no matter the upload method.

JakePeralta7 commented 2 weeks ago

Got it, will try raising the FR in Plaso