Merge pull request #163819 from fabaff/pysigma
sigma-cli: init at 0.3.0
f88784d690
7 changed files with 264 additions and 0 deletions
|
@ -0,0 +1,46 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, pysigma
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pysigma-backend-splunk";
|
||||
version = "0.1.1";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "SigmaHQ";
|
||||
repo = "pySigma-backend-splunk";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-AGT+7BKtINe2ukmomYyoUa5PHYAH1N0tUTtbyjMD+kw=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pysigma
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"sigma.backends.splunk"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Library to support Splunk for pySigma";
|
||||
homepage = "https://github.com/SigmaHQ/pySigma-backend-splunk";
|
||||
license = with licenses; [ lgpl21Only ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, pysigma
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pysigma-pipeline-crowdstrike";
|
||||
version = "0.1.3";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "SigmaHQ";
|
||||
repo = "pySigma-pipeline-crowdstrike";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-JNJHKydMzKreN+6liLlGMT1CFBUr/IX8Ah+exddKR3g=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pysigma
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"sigma.pipelines.crowdstrike"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Library to support CrowdStrike pipeline for pySigma";
|
||||
homepage = "https://github.com/SigmaHQ/pySigma-pipeline-crowdstrike";
|
||||
license = with licenses; [ lgpl21Only ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, pysigma
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pysigma-pipeline-sysmon";
|
||||
version = "0.1.1";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "SigmaHQ";
|
||||
repo = "pySigma-pipeline-sysmon";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-BBJt2SAbnPEzIwJ+tXW4NmA4Nrb/glIaPlnmYHLoMD0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pysigma
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"sigma.pipelines.sysmon"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Library to support Sysmon pipeline for pySigma";
|
||||
homepage = "https://github.com/SigmaHQ/pySigma-pipeline-sysmon";
|
||||
license = with licenses; [ lgpl21Only ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
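--- /dev/null
+++ b/pkgs/development/python-modules/pysigma/default.nix
@@ -0,0 +1,66 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, poetry-core
+, pyparsing
+, pytestCheckHook
+, pythonOlder
+, pyyaml
+}:
+
+buildPythonPackage rec {
+  pname = "pysigma";
+  version = "0.3.2";
+  format = "pyproject";
+
+  disabled = pythonOlder "3.8";
+
+  src = fetchFromGitHub {
+    owner = "SigmaHQ";
+    repo = "pySigma";
+    rev = "v${version}";
+    hash = "sha256-V/E2rZqVrk0kIvk+hPhNcAifhMM/rN3mk3pB+CGd43w=";
+  };
+
+  nativeBuildInputs = [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = [
+    pyparsing
+    pyyaml
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  patches = [
+    # Switch to poetry-core, https://github.com/SigmaHQ/pySigma/pull/31
+    (fetchpatch {
+      name = "switch-to-poetry-core.patch";
+      url = "https://github.com/SigmaHQ/pySigma/commit/b7a852d18852007da90c2ec35bff347c97b36f07.patch";
+      sha256 = "sha256-zgg8Bsc37W2uuQluFpIZT4jHCQaitY2ZgS93Wk6Hxt0=";
+    })
+  ];
+
+  postPatch = ''
+    # https://github.com/SigmaHQ/pySigma/issues/32
+    # https://github.com/SigmaHQ/pySigma/issues/33
+    substituteInPlace pyproject.toml \
+      --replace 'pyparsing = "^2.4.7"' 'pyparsing = "*"' \
+      --replace 'pyyaml = "^5.3.1"' 'pyyaml = "*"'
+  '';
+
+  pythonImportsCheck = [
+    "sigma"
+  ];
+
+  meta = with lib; {
+    description = "Library to parse and convert Sigma rules into queries";
+    homepage = "https://github.com/SigmaHQ/pySigma";
+    license = with licenses; [ lgpl21Only ];
+    maintainers = with maintainers; [ fab ];
+  };
+}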
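Review bot: The `postPatch` block drops upstream's `pyparsing = "^2.4.7"` and `pyyaml = "^5.3.1"` pins to `*` with `substituteInPlace --replace`, which silently does nothing when the pattern is absent, so a later version bump that rewrites those pins would leave the original constraint in place with no build-time signal, and the only thing validating the relaxed range is the pytest run from `checkInputs`. Both issue links explain why the pins are loosened but not what guards it; I would add `# Relaxed pins: upstream's test suite (pytestCheckHook) is what validates newer pyparsing/pyyaml here; re-verify these --replace patterns on every bump.` above the `substituteInPlace` call. The same silent-no-op caveat applies to the `prettytable` relaxation in the sigma-cli section below. As a point of style, nixpkgs convention places `patches` and `postPatch` directly after `src`, before the `*Inputs` lists, rather than after `checkInputs` as here.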
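--- /dev/null
+++ b/pkgs/tools/security/sigma-cli/default.nix
@@ -0,0 +1,50 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "sigma-cli";
+  version = "0.3.0";
+  format = "pyproject";
+
+  src = fetchFromGitHub {
+    owner = "SigmaHQ";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-Nfd78Y35naDTzwodcdvJr/02CptcHxS717VGsR/QOuI=";
+  };
+
+  nativeBuildInputs = with python3.pkgs; [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    click
+    prettytable
+    pysigma
+    pysigma-backend-splunk
+    pysigma-pipeline-crowdstrike
+    pysigma-pipeline-sysmon
+  ];
+
+  checkInputs = with python3.pkgs; [
+    pytestCheckHook
+  ];
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace 'prettytable = "^3.1.1"' 'prettytable = "*"'
+  '';
+
+  pythonImportsCheck = [
+    "sigma.cli"
+  ];
+
+  meta = with lib; {
+    description = "Sigma command line interface";
+    homepage = "https://github.com/SigmaHQ/sigma-cli";
+    license = with licenses; [ lgpl21Plus ];
+    maintainers = with maintainers; [ fab ];
+  };
+}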
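Review bot: `license = with licenses; [ lgpl21Plus ];` in `meta` disagrees with the `lgpl21Only` declared for pysigma and the three pysigma plugin packages added in the same PR, all from the same SigmaHQ organisation; one of the two is probably wrong and should be checked against the LICENSE file in the sigma-cli repository, since `meta.license` is what downstream license policy and allow-lists consume. The `postPatch` relaxation of `prettytable = "^3.1.1"` has no comment saying why the pin is unsafe to keep; a one-liner such as `# nixpkgs ships a prettytable outside upstream's ^3.1.1 range; the pytest run covers the relaxed pin` would let the next maintainer drop it once upstream catches up. Unlike the pysigma expression there is no `disabled = pythonOlder "3.8";` here even though every propagated `pysigma*` input is gated on 3.8, so the gate is inherited implicitly rather than stated.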
|
@ -9839,6 +9839,8 @@ with pkgs;
|
|||
|
||||
slither-analyzer = with python3Packages; toPythonApplication slither-analyzer;
|
||||
|
||||
sigma-cli = callPackage ../tools/security/sigma-cli { };
|
||||
|
||||
signify = callPackage ../tools/security/signify { };
|
||||
|
||||
# aka., pgp-tools
|
||||
|
|
|
@ -7649,6 +7649,14 @@ in {
|
|||
|
||||
pysideTools = callPackage ../development/python-modules/pyside/tools.nix { };
|
||||
|
||||
pysigma = callPackage ../development/python-modules/pysigma { };
|
||||
|
||||
pysigma-backend-splunk = callPackage ../development/python-modules/pysigma-backend-splunk { };
|
||||
|
||||
pysigma-pipeline-crowdstrike = callPackage ../development/python-modules/pysigma-pipeline-crowdstrike { };
|
||||
|
||||
pysigma-pipeline-sysmon = callPackage ../development/python-modules/pysigma-pipeline-sysmon { };
|
||||
|
||||
pysignalclirestapi = callPackage ../development/python-modules/pysignalclirestapi { };
|
||||
|
||||
pysigset = callPackage ../development/python-modules/pysigset { };
|
||||
|
|