From 058813373b3a19c4e9b719135eeaed0f49e8739a Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Sat, 12 Mar 2022 11:34:11 +0100
Subject: [PATCH 1/5] python3Packages.pysigma: init at 0.3.2
---
 .../python-modules/pysigma/default.nix | 66 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 2 +
 2 files changed, 68 insertions(+)
 create mode 100644 pkgs/development/python-modules/pysigma/default.nix
diff --git a/pkgs/development/python-modules/pysigma/default.nix b/pkgs/development/python-modules/pysigma/default.nix
new file mode 100644
index 000000000000..39ab5c9918b5
--- /dev/null
+++ b/pkgs/development/python-modules/pysigma/default.nix
@@ -0,0 +1,66 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, poetry-core
+, pyparsing
+, pytestCheckHook
+, pythonOlder
+, pyyaml
+}:
+
+buildPythonPackage rec {
+ pname = "pysigma";
+ version = "0.3.2";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = "pySigma";
+ rev = "v${version}";
+ hash = "sha256-V/E2rZqVrk0kIvk+hPhNcAifhMM/rN3mk3pB+CGd43w=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ pyparsing
+ pyyaml
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ patches = [
+ # Switch to poetry-core, https://github.com/SigmaHQ/pySigma/pull/31
+ (fetchpatch {
+ name = "switch-to-poetry-core.patch";
+ url = "https://github.com/SigmaHQ/pySigma/commit/b7a852d18852007da90c2ec35bff347c97b36f07.patch";
+ sha256 = "sha256-zgg8Bsc37W2uuQluFpIZT4jHCQaitY2ZgS93Wk6Hxt0=";
+ })
+ ];
+
+ postPatch = ''
+ # https://github.com/SigmaHQ/pySigma/issues/32
+ # https://github.com/SigmaHQ/pySigma/issues/33
+ substituteInPlace pyproject.toml \
+ --replace 'pyparsing = "^2.4.7"' 'pyparsing = "*"' \
+ --replace 'pyyaml = "^5.3.1"' 'pyyaml = "*"'
+ '';
+
+ pythonImportsCheck = [
+ "sigma"
+ ];
+
+ meta = with lib; {
+ description = "Library to parse and convert Sigma rules into queries";
+ homepage = "https://github.com/SigmaHQ/pySigma";
+ license = with licenses; [ lgpl21Only ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 9e9fb29a35f5..5ea8b9430c86 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -7647,6 +7647,8 @@ in {
 pysideTools = callPackage ../development/python-modules/pyside/tools.nix { };
+ pysigma = callPackage ../development/python-modules/pysigma { };
+
 pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
 pysigset = callPackage ../development/python-modules/pysigset { };
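Review bot: The `postPatch` that widens `pyyaml = "^5.3.1"` to `"*"` builds pySigma against a pyyaml major that upstream never declared support for; pyyaml 6 made the `Loader` argument of `yaml.load` mandatory, so 5.x-style calls fail at runtime while `pythonImportsCheck = [ "sigma" ]` still passes. What makes the relaxation defensible is that `pytestCheckHook` is in `checkInputs` and the suite presumably exercises rule parsing, and that reasoning should sit next to the issue links, e.g. `# pyyaml 6 made yaml.load's Loader argument mandatory; the widened bound is covered by the test suite`. The `src` and `fetchpatch` hashes pin content, so the mutable `v${version}` tag is not a supply-chain concern here. The identical relaxation of prettytable in sigma-cli's `postPatch` (patch 5/5) carries no comment at all.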
From 403a124f4d2a6e18e245bfb576d3c31ddb776ecf Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Sat, 12 Mar 2022 11:45:33 +0100
Subject: [PATCH 2/5] python3Packages.pysigma-backend-splunk: init at 0.1.1
---
 .../pysigma-backend-splunk/default.nix | 46 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 2 +
 2 files changed, 48 insertions(+)
 create mode 100644 pkgs/development/python-modules/pysigma-backend-splunk/default.nix
diff --git a/pkgs/development/python-modules/pysigma-backend-splunk/default.nix b/pkgs/development/python-modules/pysigma-backend-splunk/default.nix
new file mode 100644
index 000000000000..f3b122b4ecac
--- /dev/null
+++ b/pkgs/development/python-modules/pysigma-backend-splunk/default.nix
@@ -0,0 +1,46 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, pysigma
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+ pname = "pysigma-backend-splunk";
+ version = "0.1.1";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = "pySigma-backend-splunk";
+ rev = "v${version}";
+ hash = "sha256-AGT+7BKtINe2ukmomYyoUa5PHYAH1N0tUTtbyjMD+kw=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ pysigma
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "sigma.backends.splunk"
+ ];
+
+ meta = with lib; {
+ description = "Library to support Splunk for pySigma";
+ homepage = "https://github.com/SigmaHQ/pySigma-backend-splunk";
+ license = with licenses; [ lgpl21Only ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 5ea8b9430c86..685096a59471 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
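Review bot: `pythonImportsCheck = [ "sigma.backends.splunk" ]` only resolves if `sigma` and `sigma.backends` are namespace packages shared between pysigma and this plugin; a `sigma/__init__.py` shipped by either side would turn it into a regular package that shadows the other distribution's `sigma/` directory in the merged site-packages, and the check would then fail on a later bump rather than at review time. Presumably upstream relies on PEP 420 namespaces today, so a short note such as `# sigma.backends is a namespace package shared with pysigma; keep pysigma in propagatedBuildInputs` would record that assumption for whoever updates either side. The same applies to the sysmon and crowdstrike pipeline packages in patches 3/5 and 4/5, whose import checks target `sigma.pipelines.*`.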
@@ -7649,6 +7649,8 @@ in {
 pysigma = callPackage ../development/python-modules/pysigma { };
+ pysigma-backend-splunk = callPackage ../development/python-modules/pysigma-backend-splunk { };
+
 pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
 pysigset = callPackage ../development/python-modules/pysigset { };
From fd50e124044c6305d23654b3081b9657d5cff8de Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Sat, 12 Mar 2022 11:59:43 +0100
Subject: [PATCH 3/5] python3Packages.pysigma-pipeline-sysmon: init at 0.1.1
---
 .../pysigma-pipeline-sysmon/default.nix | 46 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 2 +
 2 files changed, 48 insertions(+)
 create mode 100644 pkgs/development/python-modules/pysigma-pipeline-sysmon/default.nix
diff --git a/pkgs/development/python-modules/pysigma-pipeline-sysmon/default.nix b/pkgs/development/python-modules/pysigma-pipeline-sysmon/default.nix
new file mode 100644
index 000000000000..e784ac1eca16
--- /dev/null
+++ b/pkgs/development/python-modules/pysigma-pipeline-sysmon/default.nix
@@ -0,0 +1,46 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, pysigma
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+ pname = "pysigma-pipeline-sysmon";
+ version = "0.1.1";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = "pySigma-pipeline-sysmon";
+ rev = "v${version}";
+ hash = "sha256-BBJt2SAbnPEzIwJ+tXW4NmA4Nrb/glIaPlnmYHLoMD0=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ pysigma
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "sigma.pipelines.sysmon"
+ ];
+
+ meta = with lib; {
+ description = "Library to support Sysmon pipeline for pySigma";
+ homepage = "https://github.com/SigmaHQ/pySigma-pipeline-sysmon";
+ license = with licenses; [ lgpl21Only ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 685096a59471..b3ea00bbab91 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -7651,6 +7651,8 @@ in {
 pysigma-backend-splunk = callPackage ../development/python-modules/pysigma-backend-splunk { };
+ pysigma-pipeline-sysmon = callPackage ../development/python-modules/pysigma-pipeline-sysmon { };
+
 pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
 pysigset = callPackage ../development/python-modules/pysigset { };
From a5615d445e24762dbafb467adedb0c51ca3b48d1 Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Sat, 12 Mar 2022 12:03:31 +0100
Subject: [PATCH 4/5] python3Packages.pysigma-pipeline-crowdstrike: init at 0.1.3
---
 .../pysigma-pipeline-crowdstrike/default.nix | 46 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 2 +
 2 files changed, 48 insertions(+)
 create mode 100644 pkgs/development/python-modules/pysigma-pipeline-crowdstrike/default.nix
diff --git a/pkgs/development/python-modules/pysigma-pipeline-crowdstrike/default.nix b/pkgs/development/python-modules/pysigma-pipeline-crowdstrike/default.nix
new file mode 100644
index 000000000000..22f589d3b149
--- /dev/null
+++ b/pkgs/development/python-modules/pysigma-pipeline-crowdstrike/default.nix
@@ -0,0 +1,46 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, pysigma
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+ pname = "pysigma-pipeline-crowdstrike";
+ version = "0.1.3";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = "pySigma-pipeline-crowdstrike";
+ rev = "v${version}";
+ hash = "sha256-JNJHKydMzKreN+6liLlGMT1CFBUr/IX8Ah+exddKR3g=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ pysigma
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "sigma.pipelines.crowdstrike"
+ ];
+
+ meta = with lib; {
+ description = "Library to support CrowdStrike pipeline for pySigma";
+ homepage = "https://github.com/SigmaHQ/pySigma-pipeline-crowdstrike";
+ license = with licenses; [ lgpl21Only ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index b3ea00bbab91..dbe8150c54e6 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -7651,6 +7651,8 @@ in {
 pysigma-backend-splunk = callPackage ../development/python-modules/pysigma-backend-splunk { };
+ pysigma-pipeline-crowdstrike = callPackage ../development/python-modules/pysigma-pipeline-crowdstrike { };
+
 pysigma-pipeline-sysmon = callPackage ../development/python-modules/pysigma-pipeline-sysmon { };
 pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
From 2e0fce9838a21f5e070ac5ac70c8ba10940202ae Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Sat, 12 Mar 2022 12:16:53 +0100
Subject: [PATCH 5/5] sigma-cli: init at 0.3.0
---
 pkgs/tools/security/sigma-cli/default.nix | 50 +++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 +
 2 files changed, 52 insertions(+)
 create mode 100644 pkgs/tools/security/sigma-cli/default.nix
diff --git a/pkgs/tools/security/sigma-cli/default.nix b/pkgs/tools/security/sigma-cli/default.nix
new file mode 100644
index 000000000000..3bf4e7889124
--- /dev/null
+++ b/pkgs/tools/security/sigma-cli/default.nix
@@ -0,0 +1,50 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "sigma-cli";
+ version = "0.3.0";
+ format = "pyproject";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-Nfd78Y35naDTzwodcdvJr/02CptcHxS717VGsR/QOuI=";
+ };
+
+ nativeBuildInputs = with python3.pkgs; [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ click
+ prettytable
+ pysigma
+ pysigma-backend-splunk
+ pysigma-pipeline-crowdstrike
+ pysigma-pipeline-sysmon
+ ];
+
+ checkInputs = with python3.pkgs; [
+ pytestCheckHook
+ ];
+
+ postPatch = ''
+ substituteInPlace pyproject.toml \
+ --replace 'prettytable = "^3.1.1"' 'prettytable = "*"'
+ '';
+
+ pythonImportsCheck = [
+ "sigma.cli"
+ ];
+
+ meta = with lib; {
+ description = "Sigma command line interface";
+ homepage = "https://github.com/SigmaHQ/sigma-cli";
+ license = with licenses; [ lgpl21Plus ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2d3698945c82..5497af8c0845 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9831,6 +9831,8 @@ with pkgs;
 slither-analyzer = with python3Packages; toPythonApplication slither-analyzer;
+ sigma-cli = callPackage ../tools/security/sigma-cli { };
+
 signify = callPackage ../tools/security/signify { }; # aka., pgp-tools
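Review bot: `license = with licenses; [ lgpl21Plus ]` disagrees with the four library packages earlier in this series, which all declare `lgpl21Only` for projects from the same `SigmaHQ` upstream; at least one side is probably wrong, and since `meta.license` is what downstream license-policy checks consume, each value should be verified against the respective upstream LICENSE file before merge. `postPatch` relaxes `prettytable = "^3.1.1"` to `"*"` with no pointer to why, unlike the pysigma package, which links the upstream issues; a one-line `# upstream pins prettytable tighter than nixpkgs ships; the relaxed bound is covered by the test suite` would do. Propagating all three backend/pipeline packages makes them hard runtime dependencies of the CLI, which looks intentional (presumably they are discovered at import time) but is worth stating in a comment so a future cleanup does not drop them as "unused".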