git: dae915d003e3 - main - security/py-iris-evtx-module: New port: Example of IRIS module, handling EVTX files
Date: Sun, 30 Apr 2023 21:52:28 UTC
The branch main has been updated by acm: URL: https://cgit.FreeBSD.org/ports/commit/?id=dae915d003e3ee6f12a58f0131825e3c4673ec40 commit dae915d003e3ee6f12a58f0131825e3c4673ec40 Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> AuthorDate: 2023-04-30 21:50:39 +0000 Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> CommitDate: 2023-04-30 21:50:39 +0000 security/py-iris-evtx-module: New port: Example of IRIS module, handling EVTX files An interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The module is installed on IRIS by default. In case you needed a procedure to install it by yourself, you can follow the one below.
---
 security/Makefile | 1 +
 security/py-iris-evtx-module/Makefile | 29 +++++++++++++++++++++++++++++
 security/py-iris-evtx-module/distinfo | 3 +++
 security/py-iris-evtx-module/pkg-descr | 3 +++
 4 files changed, 36 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index 75d91fe4d446..1a51e8a3ab8d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -917,6 +917,7 @@
 SUBDIR += py-htpasswd
 SUBDIR += py-iris-check-module
 SUBDIR += py-iris-client
+ SUBDIR += py-iris-evtx-module
 SUBDIR += py-iris-misp-module
 SUBDIR += py-iris-module-interface
 SUBDIR += py-iris-vt-module
diff --git a/security/py-iris-evtx-module/Makefile b/security/py-iris-evtx-module/Makefile
new file mode 100644
index 000000000000..e653b1c6852a
--- /dev/null
+++ b/security/py-iris-evtx-module/Makefile
@@ -0,0 +1,29 @@
+PORTNAME= iris-evtx-module
+DISTVERSION= 1.2.0
+DISTVERSIONPREFIX= v
+CATEGORIES= security python
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= acm@FreeBSD.org
+COMMENT= Example of IRIS module, handling EVTX files
+WWW= https://github.com/dfir-iris/iris-evtx-module
+
+LICENSE= LGPL3
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}celery>0:devel/py-celery@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}pyunpack>0:archivers/py-pyunpack@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}evtx2splunk>0:textproc/py-evtx2splunk@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}iris-module-interface>0:security/py-iris-module-interface@${PY_FLAVOR}
+
+USE_GITHUB= yes
+GH_ACCOUNT= dfir-iris
+GH_PROJECT= ${PORTNAME}
+GH_TAGNAME= 4845709c26bc1a5aa2528077749ec1f61985175f
+
+USES= python:3.8+
+USE_PYTHON= autoplist distutils
+
+NO_ARCH= yes
+
+.include <bsd.port.mk>
diff --git a/security/py-iris-evtx-module/distinfo b/security/py-iris-evtx-module/distinfo
new file mode 100644
index 000000000000..bd170a6e52ee
--- /dev/null
+++ b/security/py-iris-evtx-module/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1682890639
+SHA256 (dfir-iris-iris-evtx-module-v1.2.0-4845709c26bc1a5aa2528077749ec1f61985175f_GH0.tar.gz) = 7ce45d2d8dd71ed4c8bac7d89f0bab300e2db3d3fecf5306c7a5691f735f186d
+SIZE (dfir-iris-iris-evtx-module-v1.2.0-4845709c26bc1a5aa2528077749ec1f61985175f_GH0.tar.gz) = 17041
diff --git a/security/py-iris-evtx-module/pkg-descr b/security/py-iris-evtx-module/pkg-descr
new file mode 100644
index 000000000000..aa7c5b2c9aec
--- /dev/null
+++ b/security/py-iris-evtx-module/pkg-descr
@@ -0,0 +1,3 @@
+An interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX
+log files. The module is installed on IRIS by default. In case you needed a
+procedure to install it by yourself, you can follow the one below.
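Review bot: `GH_TAGNAME` pins a bare commit hash while `DISTVERSION= 1.2.0` and `DISTVERSIONPREFIX= v` describe a release tag, and nothing in the new Makefile records whether that commit is the v1.2.0 tag itself or a later snapshot; the distinfo SHA256 is bound to this hash, so the next updater cannot tell which of the two to bump or why they differ. I cannot verify from the hunk where the upstream tag points, so add a comment above the pin such as `# Pin the exact upstream commit fetched for this release; bump together with DISTVERSION` (or, if v1.2.0 resolves to this commit, drop `GH_TAGNAME` and let the tag drive the fetch). The four `RUN_DEPENDS` entries all use `>0`, which accepts any installed version of celery, pyunpack, evtx2splunk and iris-module-interface; if the module relies on a minimum API of evtx2splunk or iris-module-interface, state that floor in the dependency spec so the package cannot resolve against a version it does not work with.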