Merge branch 'master' into datetime_fix

cli_client/python/timesketch_cli_client/commands/attribute.py

@@ -88,7 +88,7 @@ def add_attribute(ctx, name, ontology, value):
     if ctx.obj.output_format != "text":
         click.echo(f"Output format {ctx.obj.output_format} not implemented.")
         ctx.exit(1)
-    sketch.add_attribute(name, ontology, value)
+    sketch.add_attribute(name=name, value=value, ontology=ontology)
     click.echo("Attribute added:")
     click.echo(f"Name: {name}")
     click.echo(f"Ontology: {ontology}")

docs/guides/admin/troubleshooting.md

@@ -23,6 +23,7 @@ If you report a bug or ask for help in Slack, please provide as much information
 - Any errors in Timesketch / celery worker logs
 - Any errors in ES logs?
 - Any errors in postgres logs?
+- What versions is running (Timesketch, Plaso, ...) `cat /usr/local/src/timesketch/timesketch/version.py` in the Docker container to get the Timesketch version
 
 ## Frontend issues
 
@@ -75,7 +76,7 @@ See [docs/learn/server-admin](docs/learn/server-admin#troubleshooting-database-s
 
 ### Issues importing Plaso file
 
-- Which Plaso version is installed on the Timesketch server?
+- Which Plaso version is installed on the Timesketch server? (Run `psort.py --version` in the Timesketch docker instance
 - Which Plaso version was used to create the Plaso file?
 - Is the issue for both web upload and `import_client`?
 - If you open a Github Issue, please indicate the Plaso version used to generate the file.

timesketch/lib/analyzers/authentication/ssh.py

@@ -41,7 +41,7 @@ class SSHEventData:
         source_ip (str): IP address in the authentication event.
         source_port (str): Source port in the authentication event.
         username (str): Username in the authentication event.
-        session_id (str): Pseduo session ID calulated from log line.
+        session_id (str): Pseudo session ID calculated from log line.
     """
 
     def __init__(self) -> None:
@@ -223,7 +223,7 @@ def run(self) -> str:
             self.output = result
         else:
             self.output.result_summary = (
-                f"No verdict for {len(records)} SSH authenticaiton events."
+                f"No verdict for {len(records)} SSH authentication events."
             )
             self.output.result_priority = "NOTE"
             self.output.result_status = "SUCCESS"

timesketch/lib/analyzers/authentication/utils.py

@@ -518,7 +518,7 @@ def from_useraccount(self, useraccount: str) -> Tuple[str, str]:
                 domain (str): Authentication user domain.
 
         Raises:
-            ValueError: If error encountered access splitted value.
+            ValueError: If error encountered access split value.
         """
 
         if not useraccount:
@@ -864,7 +864,7 @@ def generate_analyzer_output(
         Returns:
             AnalyzerOutput: An AnalyzerOutput object containing brute for analyzer
                 output.
-            None: Returns None if authsummaries is emtpy.
+            None: Returns None if authsummaries is empty.
         """
 
         if not authsummaries and not isinstance(authsummaries, list):

timesketch/lib/analyzers/authentication/utils_test.py

@@ -423,7 +423,7 @@ def _create_analyzer_output(self) -> AnalyzerOutput:
         return output
 
     def _create_authsummary(self) -> AuthSummary:
-        """Creates and reutrns authsummaries.
+        """Creates and returns authsummaries.
 
         Returns:
             AuthSummary: Returns an object of AuthSummary.

timesketch/lib/analyzers/browser_search.py

@@ -332,7 +332,7 @@ def run(self):
 
             story.add_text(
                 "## Browser Search Analyzer.\n\nThe browser search "
-                "analyzer takes URLs usually resevered for browser "
+                "analyzer takes URLs usually reserved for browser "
                 "search queries and extracts the search string."
                 "In this timeline the analyzer discovered {0:d} "
                 "browser searches.\n\nThis is a summary of "

timesketch/lib/analyzers/contrib/misp_analyzer.py

@@ -60,7 +60,7 @@ def get_misp_attributes(self, value, attr):
             attr:  type of the value.
 
         Returns:
-            List of matching MISP attibutes.
+            List of matching MISP attributes.
         """
         results = requests.post(
             f"{self.misp_url}/attributes/restSearch/",
@@ -85,14 +85,14 @@ def get_misp_attributes(self, value, attr):
         return result_loc["response"]["Attribute"]
 
     def mark_event(self, event, result, attr):
-        """Anotate an event with data from MISP result.
+        """Annotate an event with data from MISP result.
 
         Add a comment to the event.
 
         Args:
             event:  The OpenSearch event object that contains type of value we search
                     for and needs to be tagged or to add an attribute.
-            result:  Dictionnary with results from MISP.
+            result:  Dictionary with results from MISP.
             attr:  type of the current value.
         """
 

timesketch/lib/analyzers/interface.py

@@ -1106,7 +1106,7 @@ def event_stream(
                     yield Event(
                         event, self.datastore, sketch=self.sketch, analyzer=self
                     )
-                break  # Query was succesful
+                break  # Query was successful
             except opensearchpy.TransportError as e:
                 sleep_seconds = backoff_in_seconds * 2**x + random.uniform(3, 7)
                 logger.info(
@@ -1214,7 +1214,7 @@ class AnalyzerOutput:
     """A class to record timesketch analyzer output.
 
     Attributes:
-        platform (str): [Required] Analyzer platfrom.
+        platform (str): [Required] Analyzer platform.
         analyzer_identifier (str): [Required] Unique analyzer identifier.
         analyzer_name (str): [Required] Analyzer display name.
         result_status (str): [Required] Analyzer result status.

timesketch/lib/analyzers/yetiindicators.py

@@ -75,7 +75,7 @@ def get_indicators(self, indicator_type):
             self.intel[item["id"]] = item
 
     def mark_event(self, indicator, event, neighbors):
-        """Anotate an event with data from indicators and neighbors.
+        """Annotate an event with data from indicators and neighbors.
 
         Tags with skull emoji, adds a comment to the event.
         """