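{ lib
, fetchFromGitHub
, makeWrapper
, python3
}:

# Zircolite: a single-file Python tool, packaged as an application rather than
# a library. Upstream ships no Python build backend, so the install is a
# hand-written phase that copies the source tree and wraps the entry script.
python3.pkgs.buildPythonApplication rec {
  pname = "zircolite";
  version = "2.20.0";

  # No setup.py/pyproject step is run; `installPhase` below does all the work.
  format = "other";

  src = fetchFromGitHub {
    owner = "wagga40";
    repo = "Zircolite";
    # Pinned to the release tag; `rev` and `meta.changelog` both derive from
    # `version`, so a bump only has to touch `version` and `hash`.
    rev = "refs/tags/${version}";
    # Fixed-output hash of the fetched tree; Nix refuses the build if the
    # fetched content does not match.
    hash = "sha256-a7xwF0amsh2SycOjtZpk3dylcBGG9uYd7vmbnz/f9Ug=";
  };

  # Relaxes the darwin build sandbox to permit local (loopback) networking.
  # NOTE(review): nothing visible in this file needs network access during the
  # build (no checkPhase is defined) — confirm what requires it, or drop it so
  # the build keeps the default sandbox.
  __darwinAllowLocalNetworking = true;

  # Build-time only: provides the `makeWrapper` shell function used below.
  build-system = [
    makeWrapper
  ];

  # Runtime Python dependencies; the `async` extra of elasticsearch is added
  # on top of the base list.
  dependencies = with python3.pkgs; [
    aiohttp
    colorama
    elastic-transport
    elasticsearch
    evtx
    jinja2
    lxml
    orjson
    requests
    tqdm
    urllib3
    xxhash
  ] ++ elasticsearch.optional-dependencies.async;

  installPhase = ''
    runHook preInstall

    # Install the whole source tree; the entry point is zircolite.py inside it
    # (upstream keeps rules/config/templates next to the script).
    mkdir -p $out/bin $out/share/zircolite
    cp -R . $out/share/zircolite

    # $PYTHONPATH below is expanded by bash at build time (Nix only
    # interpolates the brace form), so the wrapper bakes in the search path
    # the Python setup hook set up for `dependencies`. Using --set rather
    # than --prefix pins the module search path to this closure: a caller's
    # own PYTHONPATH cannot shadow the packaged dependencies at runtime.
    # Previously the value also appended $out/bin/zircolite.py, a path nothing
    # in this phase creates (the script lives under $out/share/zircolite), so
    # that component has been dropped.
    makeWrapper ${python3.interpreter} $out/bin/zircolite \
      --set PYTHONPATH "$PYTHONPATH" \
      --add-flags "$out/share/zircolite/zircolite.py"

    runHook postInstall
  '';

  meta = with lib; {
    description = "SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs";
    mainProgram = "zircolite";
    homepage = "https://github.com/wagga40/Zircolite";
    changelog = "https://github.com/wagga40/Zircolite/releases/tag/${version}";
    license = licenses.gpl3Only;
    maintainers = with maintainers; [ fab ];
  };
}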