How to write an analysis plugin
Create file and class
Plugin file in
Create an empty subclass of AnalysisPlugin
Register it with the analysis plugin manager by calling AnalysisPluginManager.RegisterPlugin
Test file in
Create an empty subclass of
Write minimal tests
Write a test that loads your plugin
It will fail initially, but running the test while you’re developing your plugin gives you a quick way to see if your code is doing what you expect.
Implement your subclass of AnalysisPlugin
You’ll need to define/override:
You may also want to override:
ENABLE_IN_EXTRACTION, if your plugin is eligible to run while Plaso is extracting events.
Add additional tests that test your plugin
Edit plaso/analysis/__init__.py to import your plugin in the correct alphabetical order.