From nobody Sun Apr 30 21:52:28 2023
Date: Sun, 30 Apr 2023 21:52:28 GMT
Message-Id: <202304302152.33ULqSTZ056481@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Jose Alonso Cardenas Marquez Subject: git: dae915d003e3 - main - security/py-iris-evtx-module: New port: Example of IRIS module, handling EVTX files List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: acm X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: dae915d003e3ee6f12a58f0131825e3c4673ec40 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by acm: URL: https://cgit.FreeBSD.org/ports/commit/?id=dae915d003e3ee6f12a58f0131825e3c4673ec40 commit dae915d003e3ee6f12a58f0131825e3c4673ec40 Author: Jose Alonso Cardenas Marquez AuthorDate: 2023-04-30 21:50:39 +0000 Commit: Jose Alonso Cardenas Marquez CommitDate: 2023-04-30 21:50:39 +0000 security/py-iris-evtx-module: New port: Example of IRIS module, handling EVTX files An interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The module is installed on IRIS by default. In case you needed a procedure to install it by yourself, you can follow the one below. --- security/Makefile | 1 + security/py-iris-evtx-module/Makefile | 29 +++++++++++++++++++++++++++++ security/py-iris-evtx-module/distinfo | 3 +++ security/py-iris-evtx-module/pkg-descr | 3 +++ 4 files changed, 36 insertions(+) diff --git a/security/Makefile b/security/Makefile index 75d91fe4d446..1a51e8a3ab8d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -917,6 +917,7 @@ SUBDIR += py-htpasswd SUBDIR += py-iris-check-module SUBDIR += py-iris-client + SUBDIR += py-iris-evtx-module SUBDIR += py-iris-misp-module SUBDIR += py-iris-module-interface SUBDIR += py-iris-vt-module 
diff --git a/security/py-iris-evtx-module/Makefile b/security/py-iris-evtx-module/Makefile new file mode 100644 index 000000000000..e653b1c6852a --- /dev/null +++ b/security/py-iris-evtx-module/Makefile @@ -0,0 +1,29 @@ +PORTNAME= iris-evtx-module +DISTVERSION= 1.2.0 +DISTVERSIONPREFIX= v +CATEGORIES= security python +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= acm@FreeBSD.org +COMMENT= Example of IRIS module, handling EVTX files +WWW= https://github.com/dfir-iris/iris-evtx-module + +LICENSE= LGPL3 +LICENSE_FILE= ${WRKSRC}/LICENSE.txt + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}celery>0:devel/py-celery@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyunpack>0:archivers/py-pyunpack@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}evtx2splunk>0:textproc/py-evtx2splunk@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}iris-module-interface>0:security/py-iris-module-interface@${PY_FLAVOR} + +USE_GITHUB= yes +GH_ACCOUNT= dfir-iris +GH_PROJECT= ${PORTNAME} +GH_TAGNAME= 4845709c26bc1a5aa2528077749ec1f61985175f + +USES= python:3.8+ +USE_PYTHON= autoplist distutils + +NO_ARCH= yes + +.include diff --git a/security/py-iris-evtx-module/distinfo b/security/py-iris-evtx-module/distinfo new file mode 100644 index 000000000000..bd170a6e52ee --- /dev/null +++ b/security/py-iris-evtx-module/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1682890639 +SHA256 (dfir-iris-iris-evtx-module-v1.2.0-4845709c26bc1a5aa2528077749ec1f61985175f_GH0.tar.gz) = 7ce45d2d8dd71ed4c8bac7d89f0bab300e2db3d3fecf5306c7a5691f735f186d +SIZE (dfir-iris-iris-evtx-module-v1.2.0-4845709c26bc1a5aa2528077749ec1f61985175f_GH0.tar.gz) = 17041 diff --git a/security/py-iris-evtx-module/pkg-descr b/security/py-iris-evtx-module/pkg-descr new file mode 100644 index 000000000000..aa7c5b2c9aec --- /dev/null +++ b/security/py-iris-evtx-module/pkg-descr 
@@ -0,0 +1,3 @@ +An interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX +log files. The module is installed on IRIS by default. In case you needed a +procedure to install it by yourself, you can follow the one below.
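Review bot: in the security/py-iris-evtx-module/Makefile hunk, DISTVERSION=1.2.0 with DISTVERSIONPREFIX=v advertises the v1.2.0 release, but GH_TAGNAME pins the fetch to commit 4845709c26bc1a5aa2528077749ec1f61985175f rather than to the tag, so the package version and the source actually fetched are only loosely coupled; a one-line comment beside GH_TAGNAME stating why that commit is used instead of the tag would spare the next updater from guessing. Pinning a full commit id together with the SHA256 in distinfo is the right choice from a supply-chain standpoint, since a tag can be moved after the fact while a commit id cannot. Separately, the closing `.include` line is shown here without its argument; the committed file needs `.include <bsd.port.mk>` for the port to build at all, so the angle brackets were most likely stripped when this mail was rendered and are worth confirming in the repository.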
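Review bot: in the distinfo hunk, the distfile name dfir-iris-iris-evtx-module-v1.2.0-4845709c26bc1a5aa2528077749ec1f61985175f_GH0.tar.gz embeds both the version prefix and the pinned commit, so the SHA256 and SIZE entries cover that commit's snapshot, not the archive of the v1.2.0 tag; whoever later changes DISTVERSION or GH_TAGNAME must regenerate this file with `make makesum`, because the existing entries will not apply to the new filename and `make checksum` will refuse the distfile. Nothing to change in this hunk, but it is the reason the commit pin deserves a comment in the Makefile.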
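Review bot: in the pkg-descr hunk, the last sentence ("In case you needed a procedure to install it by yourself, you can follow the one below.") refers to an installation procedure that is not in the file, so a reader of `pkg info` is left with a dangling reference; the text looks copied from the upstream README, where such a procedure does follow. Suggest keeping only the first two sentences, or replacing the last one with a pointer to the project page already given as WWW in the Makefile, for example: "See the project page for manual installation instructions."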