Timesketch: Collaborative forensic timeline analysis

(github.com)

128 points | by apachepig 2 days ago

14 comments

  • xandrius 2 days ago

    Interesting that it's code owned by Google but a product. Is it because it was developed by someone during work (and hence owned by Google) but nobody from Google endorses it?

    • bjackman 2 days ago

      This is just how it looks when you publish an open source project at Google.

      Google controls the repo hence it's under the Google GitHub org. But then you just slap the "not a Google product" thing at the end to clarify that it's "just" some engineers publishing code rather than the release of the code of a Google product (nor a major strategic open source initiative like Go).

      • 2 days ago
        [deleted]
    • jsnell 2 days ago

      Their process is documented at https://opensource.google/documentation/reference/releasing

      So it could even be a pure hobby project - not something done for work - where the initial author (over a decade ago) chose to release it under Google's copyright rather than use the exception process.

    • tfsh 2 days ago

      Any Googler can write code and open source it on the Google GitHub (within reason, the process is quite straightforward). So no, Google as an entity does not officially endorse it; all it means is at least one employee is working on that particular effort.

    • j-krieger 2 days ago

      I heard a lecture from one of its users/developers a year ago in Munich. IIRC it's a tool that came out of their incident response teams, but don't quote me on this.

  • ChrisArchitect 2 days ago
  • olejorgenb 2 days ago

    There's no timeline view in this timeline analysis tool?

    • macmac 2 days ago

      Thanks, I thought I was the only one baffled by this.

  • sneak 2 days ago

    Python 3 backend, Vue.js front end, Docker, Apache 2 licensed.

  • egorfine 2 days ago

    Do I get it right that translated from marketingspeak it means "log viewer with backend"?

    • whizzter 2 days ago

      I'm more understanding it as a tool so that multiple people collaborating on investigating a hack/data-breach/etc. can audit/tag events in the interesting logs (ssh logins, weird executables starting, network probes, etc.) from various sources and get a _combined timeline_ to more easily determine adversary movement, cause-and-effect and so on, and so more easily find what needs patching, etc.
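
The "combined timeline" idea from the comment above, as an added example that is not code from the thread or from the Timesketch project: two constructed log sources in different formats (an sshd auth log and a JSON process-start log) are normalized to UTC events, tagged by simple rules, and merged into one time-ordered timeline. The log lines, host names, addresses and the assumed syslog year are all made up for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample input: a syslog-style sshd auth log (no year in the stamp)
# and a JSON-lines process-start log from another host/agent.
SSH_AUTH_LOG = """\
Jan 12 03:14:07 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 12 03:14:09 web01 sshd[2203]: Accepted publickey for deploy from 198.51.100.7 port 40130 ssh2
"""
PROCESS_LOG = """\
{"ts": "2024-01-12T03:14:11Z", "host": "web01", "exe": "/tmp/.x/miner", "user": "deploy"}
{"ts": "2024-01-12T03:13:55Z", "host": "db01", "exe": "/usr/bin/pg_dump", "user": "postgres"}
"""
SYSLOG_YEAR = 2024  # assumption: syslog stamps carry no year, so we supply one
# Matches the common "Accepted <method> for <user> from <ip>" / "Failed ..." shapes;
# the "invalid user" variant is deliberately not handled here.
SSH_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Accepted|Failed) \S+ for (\S+) from (\S+)"
)

def parse_ssh(text):
    """Yield normalized events from sshd auth lines; unparsable lines are skipped."""
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        stamp, host, outcome, user, ip = m.groups()
        ts = datetime.strptime(f"{SYSLOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        tags = ["ssh-login"] + (["auth-failure"] if outcome == "Failed" else [])
        yield {"ts": ts.replace(tzinfo=timezone.utc), "host": host, "source": "sshd",
               "msg": f"{outcome} login {user} from {ip}", "tags": tags}

def parse_process(text):
    """Yield normalized events from JSON-lines process records, tagging odd exec paths."""
    for line in text.splitlines():
        rec = json.loads(line)
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        tags = ["process-start"] + (["suspicious-path"] if rec["exe"].startswith("/tmp/") else [])
        yield {"ts": ts, "host": rec["host"], "source": "process",
               "msg": f"{rec['user']} ran {rec['exe']}", "tags": tags}

def combined_timeline(*event_iterables):
    """Merge events from any number of sources into one list ordered by (time, host)."""
    events = [e for it in event_iterables for e in it]
    return sorted(events, key=lambda e: (e["ts"], e["host"]))

if __name__ == "__main__":
    for e in combined_timeline(parse_ssh(SSH_AUTH_LOG), parse_process(PROCESS_LOG)):
        print(e["ts"].isoformat(), e["host"], e["source"], e["msg"], e["tags"])
```

Each parser yields the same event shape, so adding a third source (say, firewall probes) only means adding one more parser and passing it to combined_timeline.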

  • jcul 2 days ago

    Only had a glance on my phone but maybe this would also be useful for incident postmortem timelines.