Supercharging Bulk DFIR triage with Node-RED, Google’s Log2timeline & Google’s Timesketch
During the COVID-19 lockdown period, I spent time creating a rule set to get the most out of Google’s Timesketch tagging feature. The tagging rules were mapped to MITRE ATT&CK techniques where applicable. Timesketch can automatically run analyzers (e.g. the Tagger and Sigma rule analyzers) after a plaso file has been indexed.