Can I import Windows Event Logs into Timesketch?

Yes, you can parse Windows Event Logs (.evtx) using Plaso (log2timeline) and then import the resulting storage file directly into Timesketch for analysis.

How do analysts collaborate within Timesketch?

Analysts can work in shared 'Sketches' where they can leave comments, tag events, save specific search views, and build investigation 'Stories' together in real-time.

Does this skill support automated detection rules?

Yes, it includes guidance on integrating Sigma rules to automatically identify suspicious patterns and lateral movement across your ingested timelines.

What is Timesketch used for in incident response?

Timesketch is used to aggregate and visualize chronological forensic data from multiple sources, allowing teams to collaboratively search and analyze event timelines to reconstruct attack paths.

Is Timesketch open-source?

Yes, Timesketch is an open-source tool developed by Google and is widely used in the digital forensics community for scalable investigation documentation.

Building Incident Timeline with Timesketch

Name: Building Incident Timeline with Timesketch
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Builds and analyzes collaborative forensic timelines using Google's Timesketch for rapid incident response and attack chain reconstruction.

This skill provides specialized guidance for implementing and utilizing Timesketch, an open-source collaborative forensic timeline tool. It assists in ingesting logs from various sources via Plaso, CSV, or JSONL, normalizing data into unified searchable timelines, and performing deep analysis through built-in analyzers like Sigma rules and domain trackers. It is particularly useful for security operations centers (SOCs) and digital forensics and incident response (DFIR) teams needing to reconstruct complex attack sequences across multiple endpoints, servers, and cloud environments.

Key Features

014,121 GitHub stars

02Unified ingestion of logs from Plaso, CSV, and JSONL formats

03Mapping of incident events to the MITRE ATT&CK framework

04Advanced search and filtering using the Timesketch query language

05Collaborative sketching and storytelling for multi-analyst investigations

06Automated data analysis using built-in forensic analyzers and Sigma rules

Use Cases

01Documenting and reporting investigation findings through interactive investigation stories

02Collaborating on a forensic investigation across a distributed security team

03Reconstructing the chronological sequence of a multi-stage cyberattack

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-incident-timeline-with-timesketch

For use in Claude.ai and ChatGPT

Key Features

014,121 GitHub stars

02Unified ingestion of logs from Plaso, CSV, and JSONL formats

03Mapping of incident events to the MITRE ATT&CK framework

04Advanced search and filtering using the Timesketch query language

05Collaborative sketching and storytelling for multi-analyst investigations

06Automated data analysis using built-in forensic analyzers and Sigma rules

Use Cases

01Documenting and reporting investigation findings through interactive investigation stories

02Collaborating on a forensic investigation across a distributed security team

03Reconstructing the chronological sequence of a multi-stage cyberattack

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-incident-timeline-with-timesketch

For use in Claude.ai and ChatGPT