zircolite: init at 2.9.9

SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs

https://github.com/wagga40/Zircolite
This commit is contained in:
Fabian Affolter 2024-01-15 00:08:59 +01:00
parent 4400b6335f
commit 0bd03de427

View file

@ -0,0 +1,58 @@
{ lib
, fetchFromGitHub
, makeWrapper
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "zircolite";
version = "2.9.9";
format = "other";
src = fetchFromGitHub {
owner = "wagga40";
repo = "Zircolite";
rev = "refs/tags/${version}";
hash = "sha256-De1FLeYZY9eiBW18AVAMtYysC0b8AzO5HtFKxyzK9GY=";
};
nativeBuildInputs = [
makeWrapper
];
propagatedBuildInputs = with python3.pkgs; [
aiohttp
colorama
elastic-transport
elasticsearch
evtx
jinja2
lxml
orjson
requests
tqdm
urllib3
xxhash
] ++ elasticsearch.optional-dependencies.async;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share $out/share/zircolite
cp -R . $out/share/zircolite
makeWrapper ${python3.interpreter} $out/bin/zircolite \
--set PYTHONPATH "$PYTHONPATH:$out/bin/zircolite.py" \
--add-flags "$out/share/zircolite/zircolite.py"
runHook postInstall
'';
meta = with lib; {
description = "SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs";
homepage = "https://github.com/wagga40/Zircolite";
changelog = "https://github.com/wagga40/Zircolite/releases/tag/${version}";
license = licenses.gpl3Only;
maintainers = with maintainers; [ fab ];
};
}