How to use the plaso.containers.events.EventData function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / plaso / parsers / sqlite_plugins / firefox.py View on Github 
"""Firefox bookmark folder event data.
Attributes:
title (str): title of the bookmark folder.
"""
DATA_TYPE = 'firefox:places:bookmark_folder'
def __init__(self):
"""Initializes event data."""
super(FirefoxPlacesBookmarkFolderEventData, self).__init__(
data_type=self.DATA_TYPE)
self.title = None
class FirefoxPlacesBookmarkEventData(events.EventData):
"""Firefox bookmark event data.
Attributes:
host (str): visited hostname.
places_title (str): places title.
title (str): title of the bookmark folder.
type (int): bookmark type.
url (str): bookmarked URL.
visit_count (int): visit count.
"""
DATA_TYPE = 'firefox:places:bookmark'
def __init__(self):
"""Initializes event data."""
super(FirefoxPlacesBookmarkEventData, self).__init__(Attributes:
message (str): message.
"""
DATA_TYPE = 'chrome:preferences:extensions_autoupdater'
def __init__(self):
"""Initializes event data."""
super(ChromeExtensionsAutoupdaterEventData, self).__init__(
data_type=self.DATA_TYPE)
# TODO: refactor this in something more descriptive.
self.message = None
class ChromeExtensionInstallationEventData(events.EventData):
"""Chrome Extension event data.
Attributes:
extension_id (str): extension identifier.
extension_name (str): extension name.
path (str): path.
"""
DATA_TYPE = 'chrome:preferences:extension_installation'
def __init__(self):
"""Initializes event data."""
super(ChromeExtensionInstallationEventData, self).__init__(
data_type=self.DATA_TYPE)
self.extension_id = None
self.extension_name = Nonefrom __future__ import unicode_literals
import pyparsing
from dfdatetime import posix_time as dfdatetime_posix_time
from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.parsers import logger
from plaso.parsers import manager
from plaso.parsers import text_parser
class XChatScrollbackEventData(events.EventData):
"""XChat Scrollback line event data.
Attributes:
nickname (str): nickname.
text (str): text sent by nickname service messages.
"""
DATA_TYPE = 'xchat:scrollback:line'
def __init__(self):
"""Initializes event data."""
super(XChatScrollbackEventData, self).__init__(data_type=self.DATA_TYPE)
self.nickname = None
self.text = Noneimport abc
from dtfabric.runtime import data_maps as dtfabric_data_maps
from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.lib import errors
from plaso.parsers import logger
from plaso.parsers import winreg
from plaso.parsers.shared import shell_items
from plaso.parsers.winreg_plugins import dtfabric_plugin
from plaso.parsers.winreg_plugins import interface
class MRUListEventData(events.EventData):
"""MRUList event data attribute container.
Attributes:
entries (str): most recently used (MRU) entries.
key_path (str): Windows Registry key path.
"""
DATA_TYPE = 'windows:registry:mrulist'
def __init__(self):
"""Initializes event data."""
super(MRUListEventData, self).__init__(data_type=self.DATA_TYPE)
self.entries = None
self.key_path = Noneusername (str): full name of the Skype account holder and display name.
"""
DATA_TYPE = 'skype:event:account'
def __init__(self):
"""Initialize event data."""
super(SkypeAccountEventData, self).__init__(data_type=self.DATA_TYPE)
self.country = None
self.display_name = None
self.email = None
self.offset = None
self.username = None
class SkypeSMSEventData(events.EventData):
"""Skype SMS event data.
Attributes:
number (str): phone number where the SMS was sent.
text (str): text (SMS body) that was sent.
"""
DATA_TYPE = 'skype:event:sms'
def __init__(self):
"""Initialize event data."""
super(SkypeSMSEventData, self).__init__(data_type=self.DATA_TYPE)
self.number = None
self.text = None
from __future__ import unicode_literals
from dfdatetime import webkit_time as dfdatetime_webkit_time
from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
# Register the cookie plugins.
from plaso.parsers import cookie_plugins # pylint: disable=unused-import
from plaso.parsers import sqlite
from plaso.parsers.cookie_plugins import manager as cookie_plugins_manager
from plaso.parsers.sqlite_plugins import interface
class ChromeCookieEventData(events.EventData):
"""Chrome Cookie event data.
Attributes:
cookie_name (str): name of the cookie.
host (str): hostname of host that set the cookie value.
httponly (bool): True if the cookie cannot be accessed through client
side script.
path (str): path where the cookie got set.
persistent (bool): True if the cookie is persistent.
secure (bool): True if the cookie should only be transmitted over a
secure channel.
url (str): URL or path where the cookie got set.
data (str): value of the cookie.
"""
DATA_TYPE = 'chrome:cookie:entry'def __init__(self):
"""Initializes event data."""
super(KeychainInternetRecordEventData, self).__init__(
data_type=self.DATA_TYPE)
self.account_name = None
self.comments = None
self.entry_name = None
self.protocol = None
self.ssgp_hash = None
self.text_description = None
self.type_protocol = None
self.where = None
# TODO: merge with KeychainInternetRecordEventData.
class KeychainApplicationRecordEventData(events.EventData):
"""MacOS keychain application password record event data.
Attributes:
account_name (str): name of the account.
comments (str): comments added by the user.
entry_name (str): name of the entry.
ssgp_hash (str): password/certificate hash formatted as an hexadecimal
string.
text_description (str): description.
"""
DATA_TYPE = 'mac:keychain:application'
def __init__(self):
"""Initializes event data."""
super(KeychainApplicationRecordEventData, self).__init__(# -*- coding: utf-8 -*-
"""Plug-in to collect the Less Frequently Used Keys."""
from __future__ import unicode_literals
from plaso.containers import events
from plaso.containers import time_events
from plaso.containers import windows_events
from plaso.lib import definitions
from plaso.parsers import winreg
from plaso.parsers.winreg_plugins import interface
class WindowsBootExecuteEventData(events.EventData):
"""Windows Boot Execute event data attribute container.
Attributes:
key_path (str): Windows Registry key path.
value (str): boot execute value, contains the value obtained from
the BootExecute Registry value.
"""
DATA_TYPE = 'windows:registry:boot_execute'
def __init__(self):
"""Initializes event data."""
super(WindowsBootExecuteEventData, self).__init__(
data_type=self.DATA_TYPE)
self.key_path = None
self.value = None# -*- coding: utf-8 -*-
"""This file contains a WinRAR history Windows Registry plugin."""
from __future__ import unicode_literals
import re
from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.parsers import winreg
from plaso.parsers.winreg_plugins import interface
class WinRARHistoryEventData(events.EventData):
"""WinRAR history event data attribute container.
Attributes:
entries (str): archive history entries.
key_path (str): Windows Registry key path.
"""
DATA_TYPE = 'winrar:history'
def __init__(self):
"""Initializes event data."""
super(WinRARHistoryEventData, self).__init__(data_type=self.DATA_TYPE)
self.entries = None
self.key_path = Noneimport collections
import re
import os
from dfdatetime import posix_time as dfdatetime_posix_time
from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import errors
from plaso.lib import definitions
from plaso.parsers import dtfabric_parser
from plaso.parsers import logger
from plaso.parsers import manager
class FirefoxCacheEventData(events.EventData):
"""Firefox cache event data.
Attributes:
data_size (int): size of the cached data.
fetch_count (int): number of times the cache entry was fetched.
frequency (int): ???
info_size (int): size of the metadata.
location (str): ???
request_method (str): HTTP request method.
request_size (int): HTTP request byte size.
response_code (int): HTTP response code.
url (str): URL of original content.
version (int): cache format version.
"""
DATA_TYPE = 'firefox:cache:record'plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
78 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser