1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
# How to write an analysis plugin
## Create file and class
* Plugin file in plaso/analysis/
* Create an empty subclass of plaso.analysis.interface.AnalysisPlugin
* Register it with the analysis plugin by calling AnalysisPluginManager.RegisterPlugin
* Test file in tests/analysis/
* Create an empty subclass of tests.analysis.test_lib.AnalysisPluginTestCase
## Write minimal tests
* Write a test that loads your plugin
* It will fail initially, but running the test while you're developing your plugin gives you a quick way to see if your code is doing what you expect.
## Develop plugin
* Implement your subclass of plaso.analysis.interface.AnalysisPlugin
* You'll need to define/override:
* NAME
* ExamineEvent()
* CompileReport()
* You may also want to override:
* URLS
* ENABLE_IN_EXTRACTION, if your plugin is eligible to run while Plaso is extracting events.
## Expand tests
* Add additional tests that test your plugin
## Register classes
* Edit plaso/analysis/`__init__`.py to import your plugin in the correct alphabetical order.
## Code review/submit
|
