Merge pull request #241772 from fabaff/zircolite

zircolite: init at 2.9.9

pkgs/by-name/zi/zircolite/package.nix

@@ -0,0 +1,58 @@
+{ lib
+, fetchFromGitHub
+, makeWrapper
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "zircolite";
+  version = "2.9.9";
+  format = "other";
+
+  src = fetchFromGitHub {
+    owner = "wagga40";
+    repo = "Zircolite";
+    rev = "refs/tags/${version}";
+    hash = "sha256-De1FLeYZY9eiBW18AVAMtYysC0b8AzO5HtFKxyzK9GY=";
+  };
+
+  nativeBuildInputs = [
+    makeWrapper
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    aiohttp
+    colorama
+    elastic-transport
+    elasticsearch
+    evtx
+    jinja2
+    lxml
+    orjson
+    requests
+    tqdm
+    urllib3
+    xxhash
+  ] ++ elasticsearch.optional-dependencies.async;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin $out/share $out/share/zircolite
+    cp -R . $out/share/zircolite
+
+    makeWrapper ${python3.interpreter} $out/bin/zircolite \
+      --set PYTHONPATH "$PYTHONPATH:$out/bin/zircolite.py" \
+      --add-flags "$out/share/zircolite/zircolite.py"
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "SIGMA-based detection tool for EVTX, Auditd, Sysmon and other logs";
+    homepage = "https://github.com/wagga40/Zircolite";
+    changelog = "https://github.com/wagga40/Zircolite/releases/tag/${version}";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ fab ];
+  };
+}