zircolite: init at 2.9.9
SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs https://github.com/wagga40/Zircolite
This commit is contained in:
parent
4400b6335f
commit
0bd03de427
1 changed files with 58 additions and 0 deletions
58
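--- /dev/null
+++ b/pkgs/by-name/zi/zircolite/package.nix
@@ -0,0 +1,58 @@
+{ lib
+, fetchFromGitHub
+, makeWrapper
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "zircolite";
+  version = "2.9.9";
+  format = "other";
+
+  src = fetchFromGitHub {
+    owner = "wagga40";
+    repo = "Zircolite";
+    rev = "refs/tags/${version}";
+    hash = "sha256-De1FLeYZY9eiBW18AVAMtYysC0b8AzO5HtFKxyzK9GY=";
+  };
+
+  nativeBuildInputs = [
+    makeWrapper
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    aiohttp
+    colorama
+    elastic-transport
+    elasticsearch
+    evtx
+    jinja2
+    lxml
+    orjson
+    requests
+    tqdm
+    urllib3
+    xxhash
+  ] ++ elasticsearch.optional-dependencies.async;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin $out/share $out/share/zircolite
+    cp -R . $out/share/zircolite
+
+    makeWrapper ${python3.interpreter} $out/bin/zircolite \
+      --set PYTHONPATH "$PYTHONPATH:$out/bin/zircolite.py" \
+      --add-flags "$out/share/zircolite/zircolite.py"
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs";
+    homepage = "https://github.com/wagga40/Zircolite";
+    changelog = "https://github.com/wagga40/Zircolite/releases/tag/${version}";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ fab ];
+  };
+}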
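Review bot: The wrapper line `--set PYTHONPATH "$PYTHONPATH:$out/bin/zircolite.py"` in installPhase appends a path that does not exist — the script is copied to `$out/share/zircolite/zircolite.py`, and nothing is ever placed at `$out/bin/zircolite.py` — and `--set` replaces the caller's PYTHONPATH outright with whatever the build shell's `$PYTHONPATH` expanded to. The usual nixpkgs form is `--prefix PYTHONPATH : "$PYTHONPATH"`, which keeps the propagated dependency path from the build environment, drops the bogus entry (a `.py` file on sys.path is not importable anyway), and still lets a caller extend the path. Since `format = "other"` skips the normal Python install hooks, nothing here verifies the module set is importable at runtime; adding `mainProgram = "zircolite";` to `meta` would at least let `lib.getExe` resolve the wrapper.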