Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Cannot retrieve contributors at this time
How to write an analysis plugin
Create file and class
Write minimal tests
- Plugin file in plaso/analysis/
- Create an empty subclass of plaso.analysis.interface.AnalysisPlugin
- Register it with the analysis plugin by calling AnalysisPluginManager.RegisterPlugin
- Test file in tests/analysis/
- Create an empty subclass of tests.analysis.test_lib.AnalysisPluginTestCase
- Write a test that loads your plugin
- It will fail initially, but running the test while you're developing your plugin gives you a quick way to see if your code is doing what you expect.
- Implement your subclass of plaso.analysis.interface.AnalysisPlugin
- You'll need to define/override:
- You may also want to override:
- ENABLE_IN_EXTRACTION, if your plugin is eligible to run while Plaso is extracting events.
- Add additional tests that test your plugin
- Edit plaso/analysis/
__init__.py to import your plugin in the correct alphabetical order.
Press h to open a hovercard with more details.