building-incident-timeline-with-timesketch
Community
Create collaborative forensic timelines with Timesketch.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Timesketch-based incident timeline tooling enables security teams to unify diverse evidence sources into a coherent, searchable chronology for faster detection, investigation, and reporting.
Core Features & Use Cases
- Timesketch-based timeline ingestion: Import Plaso (.plaso) storage files, or CSV and JSONL timelines, into a central sketch for analysis. CSV and JSONL events must carry at least the message, datetime and timestamp_desc fields, or Timesketch rejects the upload.
- Automated analyzers and mappings: Runs the built-in Timesketch analyzers and MITRE ATT&CK and Sigma rule mappings to surface patterns across the ingested data.
- Collaborative investigations: Multiple analysts can annotate, tag, and build a narrative within a shared sketch.
- Deployment flexibility: Works with Docker-based Timesketch deployments, with OpenSearch holding the indexed events and PostgreSQL the sketch metadata.
- Use Case: Reconstruct an attack chain by aggregating endpoint, network, and cloud logs into a unified timeline, then turn the annotated events into a story for the incident report.
Quick Start
Create a new Timesketch sketch, upload your prepared timeline file (Plaso, CSV, or JSONL), wait for the timeline status to show that indexing has finished, and begin investigative exploration with searches, filters, and analyzers.
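The ingestion and quick-start steps above assume a timeline file that Timesketch will accept. The following is an added example, not one of the skill's own scripts, showing how evidence from three sources with different timestamp conventions is normalized to UTC, given the required message, datetime and timestamp_desc fields, sorted, and written as JSONL; the optional upload() step uses the official timesketch-api-client and timesketch-import-client packages and assumes a reachable Timesketch server at the host, user and password given (all hypothetical). The log records are constructed.

```python
"""Build a Timesketch-ready JSONL timeline from mixed evidence sources.

Added example, not part of the skill's own scripts. The build step runs
offline; the optional upload() step assumes a reachable Timesketch server
and the official clients (pip install timesketch-api-client
timesketch-import-client). All sample records below are constructed.
"""
import json
from datetime import datetime, timezone

# Timesketch rejects CSV/JSONL events that lack any of these three fields.
REQUIRED_FIELDS = ("message", "datetime", "timestamp_desc")

# Constructed records from three sources, each with its own time convention:
# ISO 8601 with "Z", Unix epoch seconds, and ISO 8601 with a local offset.
RAW_EVENTS = [
    {"source": "windows_evtx", "TimeCreated": "2024-03-14T09:15:02.000Z",
     "EventID": 4624, "TargetUserName": "svc-backup", "LogonType": 10,
     "IpAddress": "10.0.0.45"},
    {"source": "zeek_conn", "ts": 1710407712.5, "id.orig_h": "10.0.0.45",
     "id.resp_h": "203.0.113.7", "id.resp_p": 443, "proto": "tcp"},
    {"source": "cloud_audit", "eventTime": "2024-03-14T11:16:40+02:00",
     "eventName": "CreateAccessKey", "userIdentity": "svc-backup"},
]


def to_iso_utc(value):
    """Normalize epoch seconds or ISO 8601 (Z, offset or naive) to UTC ISO 8601.

    Mixed time zones are the usual reason a merged timeline sorts wrongly,
    so every source is converted before anything is written.
    """
    if isinstance(value, (int, float)):
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
        if dt.tzinfo is None:          # naive timestamps are assumed to be UTC
            dt = dt.replace(tzinfo=timezone.utc)
        dt = dt.astimezone(timezone.utc)
    return dt.isoformat()


def normalize(record):
    """Map one raw record onto the Timesketch event schema."""
    src = record["source"]
    if src == "windows_evtx":
        event = {
            "datetime": to_iso_utc(record["TimeCreated"]),
            "timestamp_desc": "Event Logged",
            "message": (f"EventID {record['EventID']} logon type {record['LogonType']} "
                        f"for {record['TargetUserName']} from {record['IpAddress']}"),
        }
    elif src == "zeek_conn":
        event = {
            "datetime": to_iso_utc(record["ts"]),
            "timestamp_desc": "Connection Start",
            "message": (f"{record['id.orig_h']} -> {record['id.resp_h']}:"
                        f"{record['id.resp_p']}/{record['proto']}"),
        }
    elif src == "cloud_audit":
        event = {
            "datetime": to_iso_utc(record["eventTime"]),
            "timestamp_desc": "API Call",
            "message": f"{record['eventName']} by {record['userIdentity']}",
        }
    else:
        raise ValueError(f"unknown source {src!r}")
    event["data_type"] = src
    # Keep the raw fields so they can be filtered on in the UI; dots in keys
    # would be indexed as nested objects by OpenSearch, so flatten them.
    for key, val in record.items():
        event.setdefault(key.replace(".", "_"), val)
    missing = [f for f in REQUIRED_FIELDS if not event.get(f)]
    if missing:
        raise ValueError(f"event missing required fields {missing}")
    return event


def build_events(records):
    """Return normalized events in chronological order."""
    events = [normalize(r) for r in records]
    return sorted(events, key=lambda e: datetime.fromisoformat(e["datetime"]))


def write_jsonl(records, path):
    """Write one JSON object per line, the layout the JSONL importer expects."""
    events = build_events(records)
    with open(path, "w", encoding="utf-8") as fh:
        for event in events:
            fh.write(json.dumps(event, sort_keys=True) + "\n")
    return len(events)


def upload(jsonl_path, sketch_name, host="http://127.0.0.1",
           user="dev", password="dev"):
    """Create a sketch and stream the file into it; needs a running server."""
    from timesketch_api_client import client        # assumed installed
    from timesketch_import_client import importer   # assumed installed
    api = client.TimesketchApi(host, username=user, password=password)
    sketch = api.create_sketch(sketch_name, "unified endpoint/network/cloud evidence")
    with importer.ImportStreamer() as streamer:
        streamer.set_sketch(sketch)
        streamer.set_timeline_name("unified-evidence")
        streamer.add_file(jsonl_path)
    return sketch.id


if __name__ == "__main__":
    count = write_jsonl(RAW_EVENTS, "unified.jsonl")
    print(f"wrote {count} events to unified.jsonl")
```

Run the script to produce unified.jsonl, then call upload("unified.jsonl", "case-2024-0314") once a Timesketch instance is reachable; the timeline will appear in the sketch after indexing completes. Flattening dotted keys and converting every timestamp to UTC before upload avoids the two most common causes of a timeline that looks complete but sorts or filters incorrectly.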
Dependency Matrix
Required Modules
requests
Components
scripts, references, assets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: building-incident-timeline-with-timesketch Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#building-incident-timeline-with-timesketch Please download this .zip file, extract it, and install it in the .claude/skills/ directory.