log2timeline / dftimewolf

A framework for orchestrating forensic collection, processing and data export
Apache License 2.0

FR: Add Timesketch Event collector module #929

Closed: sydp closed 1 week ago

sydp commented 2 weeks ago

Add a collector module that retrieves events from a Timesketch instance.

The module should accept a user query (including datetime range/indices/tags) in SetUp and be able to store the events as either DataFrame or File (CSV) containers.