Merge pull request #163819 from fabaff/pysigma

sigma-cli: init at 0.3.0
This commit is contained in:
Fabian Affolter 2022-03-14 15:27:44 +01:00 committed by GitHub
commit f88784d690
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 264 additions and 0 deletions


@ -0,0 +1,46 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, pysigma
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "pysigma-backend-splunk";
version = "0.1.1";
format = "pyproject";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "SigmaHQ";
repo = "pySigma-backend-splunk";
rev = "v${version}";
hash = "sha256-AGT+7BKtINe2ukmomYyoUa5PHYAH1N0tUTtbyjMD+kw=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
pysigma
];
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"sigma.backends.splunk"
];
meta = with lib; {
description = "Library to support Splunk for pySigma";
homepage = "https://github.com/SigmaHQ/pySigma-backend-splunk";
license = with licenses; [ lgpl21Only ];
maintainers = with maintainers; [ fab ];
};
}


@ -0,0 +1,46 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, pysigma
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "pysigma-pipeline-crowdstrike";
version = "0.1.3";
format = "pyproject";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "SigmaHQ";
repo = "pySigma-pipeline-crowdstrike";
rev = "v${version}";
hash = "sha256-JNJHKydMzKreN+6liLlGMT1CFBUr/IX8Ah+exddKR3g=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
pysigma
];
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"sigma.pipelines.crowdstrike"
];
meta = with lib; {
description = "Library to support CrowdStrike pipeline for pySigma";
homepage = "https://github.com/SigmaHQ/pySigma-pipeline-crowdstrike";
license = with licenses; [ lgpl21Only ];
maintainers = with maintainers; [ fab ];
};
}


@ -0,0 +1,46 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, pysigma
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "pysigma-pipeline-sysmon";
version = "0.1.1";
format = "pyproject";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "SigmaHQ";
repo = "pySigma-pipeline-sysmon";
rev = "v${version}";
hash = "sha256-BBJt2SAbnPEzIwJ+tXW4NmA4Nrb/glIaPlnmYHLoMD0=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
pysigma
];
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"sigma.pipelines.sysmon"
];
meta = with lib; {
description = "Library to support Sysmon pipeline for pySigma";
homepage = "https://github.com/SigmaHQ/pySigma-pipeline-sysmon";
license = with licenses; [ lgpl21Only ];
maintainers = with maintainers; [ fab ];
};
}


@ -0,0 +1,66 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, fetchpatch
, poetry-core
, pyparsing
, pytestCheckHook
, pythonOlder
, pyyaml
}:
buildPythonPackage rec {
pname = "pysigma";
version = "0.3.2";
format = "pyproject";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "SigmaHQ";
repo = "pySigma";
rev = "v${version}";
hash = "sha256-V/E2rZqVrk0kIvk+hPhNcAifhMM/rN3mk3pB+CGd43w=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
pyparsing
pyyaml
];
checkInputs = [
pytestCheckHook
];
patches = [
# Switch to poetry-core, https://github.com/SigmaHQ/pySigma/pull/31
(fetchpatch {
name = "switch-to-poetry-core.patch";
url = "https://github.com/SigmaHQ/pySigma/commit/b7a852d18852007da90c2ec35bff347c97b36f07.patch";
sha256 = "sha256-zgg8Bsc37W2uuQluFpIZT4jHCQaitY2ZgS93Wk6Hxt0=";
})
];
postPatch = ''
# https://github.com/SigmaHQ/pySigma/issues/32
# https://github.com/SigmaHQ/pySigma/issues/33
substituteInPlace pyproject.toml \
--replace 'pyparsing = "^2.4.7"' 'pyparsing = "*"' \
--replace 'pyyaml = "^5.3.1"' 'pyyaml = "*"'
'';
pythonImportsCheck = [
"sigma"
];
meta = with lib; {
description = "Library to parse and convert Sigma rules into queries";
homepage = "https://github.com/SigmaHQ/pySigma";
license = with licenses; [ lgpl21Only ];
maintainers = with maintainers; [ fab ];
};
}
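Review bot: The two `--replace` calls in `postPatch` match the exact strings `pyparsing = "^2.4.7"` and `pyyaml = "^5.3.1"`, so on the next upstream bump that changes either constraint the substitution becomes a no-op (as far as I can tell `substituteInPlace` does not fail on an unmatched pattern) and the relaxation is lost until poetry rejects the nixpkgs versions at build time. A short comment would record the intent for whoever bumps it: `# Loosen upstream's pins so the nixpkgs pyparsing/pyyaml versions are accepted; re-check these strings on every version bump`. The same applies to the `prettytable` replacement in sigma-cli's `postPatch` later in this PR. Separately, the `fetchpatch` block uses `sha256 =` while `src` uses `hash =`; writing `hash = "sha256-zgg8Bsc37W2uuQluFpIZT4jHCQaitY2ZgS93Wk6Hxt0=";` keeps the two fetchers consistent.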


@ -0,0 +1,50 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "sigma-cli";
version = "0.3.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "SigmaHQ";
repo = pname;
rev = "v${version}";
hash = "sha256-Nfd78Y35naDTzwodcdvJr/02CptcHxS717VGsR/QOuI=";
};
nativeBuildInputs = with python3.pkgs; [
poetry-core
];
propagatedBuildInputs = with python3.pkgs; [
click
prettytable
pysigma
pysigma-backend-splunk
pysigma-pipeline-crowdstrike
pysigma-pipeline-sysmon
];
checkInputs = with python3.pkgs; [
pytestCheckHook
];
postPatch = ''
substituteInPlace pyproject.toml \
--replace 'prettytable = "^3.1.1"' 'prettytable = "*"'
'';
pythonImportsCheck = [
"sigma.cli"
];
meta = with lib; {
description = "Sigma command line interface";
homepage = "https://github.com/SigmaHQ/sigma-cli";
license = with licenses; [ lgpl21Plus ];
maintainers = with maintainers; [ fab ];
};
}
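Review bot: `license = with licenses; [ lgpl21Plus ];` here while the four pySigma libraries added in this PR all declare `lgpl21Only`; since every one of them comes from the same SigmaHQ organisation, one of the two values looks worth re-checking against the respective upstream LICENSE files before merge. If the difference is intentional, a one-line comment next to `license` saying so would stop the next maintainer from "fixing" it.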


@ -9839,6 +9839,8 @@ with pkgs;
slither-analyzer = with python3Packages; toPythonApplication slither-analyzer;
sigma-cli = callPackage ../tools/security/sigma-cli { };
signify = callPackage ../tools/security/signify { };
# aka., pgp-tools


@ -7649,6 +7649,14 @@ in {
pysideTools = callPackage ../development/python-modules/pyside/tools.nix { };
pysigma = callPackage ../development/python-modules/pysigma { };
pysigma-backend-splunk = callPackage ../development/python-modules/pysigma-backend-splunk { };
pysigma-pipeline-crowdstrike = callPackage ../development/python-modules/pysigma-pipeline-crowdstrike { };
pysigma-pipeline-sysmon = callPackage ../development/python-modules/pysigma-pipeline-sysmon { };
pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
pysigset = callPackage ../development/python-modules/pysigset { };