How to write an analysis plugin¶
Create file and class¶
- Plugin file in plaso/analysis/
- Create an empty subclass of plaso.analysis.interface.AnalysisPlugin
- Register it with the analysis plugin by calling AnalysisPluginManager.RegisterPlugin
- Test file in tests/analysis/
- Create an empty subclass of tests.analysis.test_lib.AnalysisPluginTestCase
Write minimal tests¶
- Write a test that loads your plugin
- It will fail initially, but running the test while you’re developing your plugin gives you a quick way to see if your code is doing what you expect.
- Implement your subclass of plaso.analysis.interface.AnalysisPlugin
- You’ll need to define/override:
- You may also want to override:
- ENABLE_IN_EXTRACTION, if your plugin is eligible to run while Plaso is extracting events.
- Add additional tests that test your plugin
- Edit plaso/analysis/
__init__.py to import your plugin in the correct alphabetical order.