blob: 8a9bcbc74c80c1a9a3a7209ccf32afc41ee52dea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
%global _empty_manifest_terminate_build 0
Name: python-kestrel-lang
Version: 1.6.1
Release: 1
Summary: Kestrel Threat Hunting Language
License: Apache 2.0 License
URL: https://github.com/opencybersecurityalliance/kestrel-lang
Source0: https://mirrors.aliyun.com/pypi/web/packages/7d/b7/75ce29211e9eb9b49a718b1e95593d3b51a64de160495c418933e3b9a6db/kestrel-lang-1.6.1.tar.gz
BuildArch: noarch
Requires: python3-pyyaml
Requires: python3-lxml
Requires: python3-pandas
Requires: python3-requests
Requires: python3-nest-asyncio
Requires: python3-lark
Requires: python3-pyarrow
Requires: python3-docker
Requires: python3-stix-shifter
Requires: python3-stix-shifter-utils
Requires: python3-firepit
Requires: python3-typeguard
%description
Kestrel is a threat hunting language aiming to make cyber threat hunting *fast*
by providing a layer of abstraction to build reusable, composable, and
shareable hunt-flow.
`Try Kestrel in a cloud sandbox without install`_ (Blog: `Try Kestrel in a Cloud Sandbox`_).
Software developers write Python or Swift than machine code to quickly turn
business logic into applications. Threat hunters write Kestrel to quickly turn
threat hypotheses into hunt-flow. We see threat hunting as an interactive
procedure to create customized intrusion detection systems on the fly, and
hunt-flow is to hunts as control-flow is to ordinary programs.
What does it mean by *hunt fast*?
- Do not write the same TTP pattern in different data source queries.
- Do not write one-time-use adapaters to connect hunt steps.
- Do not waste your existing analytic scripts/programs in future hunts.
- Do construct your hunt-flow from smaller reuseable hunt-flow.
- Do share your huntbook with your future self and your colleagues.
- Do get interactive feedback and revise hunt-flow on the fly.
|
%package -n python3-kestrel-lang
Summary: Kestrel Threat Hunting Language
Provides: python-kestrel-lang
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-pip
%description -n python3-kestrel-lang
Kestrel is a threat hunting language aiming to make cyber threat hunting *fast*
by providing a layer of abstraction to build reusable, composable, and
shareable hunt-flow.
`Try Kestrel in a cloud sandbox without install`_ (Blog: `Try Kestrel in a Cloud Sandbox`_).
Software developers write Python or Swift than machine code to quickly turn
business logic into applications. Threat hunters write Kestrel to quickly turn
threat hypotheses into hunt-flow. We see threat hunting as an interactive
procedure to create customized intrusion detection systems on the fly, and
hunt-flow is to hunts as control-flow is to ordinary programs.
What does it mean by *hunt fast*?
- Do not write the same TTP pattern in different data source queries.
- Do not write one-time-use adapaters to connect hunt steps.
- Do not waste your existing analytic scripts/programs in future hunts.
- Do construct your hunt-flow from smaller reuseable hunt-flow.
- Do share your huntbook with your future self and your colleagues.
- Do get interactive feedback and revise hunt-flow on the fly.
|
%package help
Summary: Development documents and examples for kestrel-lang
Provides: python3-kestrel-lang-doc
%description help
Kestrel is a threat hunting language aiming to make cyber threat hunting *fast*
by providing a layer of abstraction to build reusable, composable, and
shareable hunt-flow.
`Try Kestrel in a cloud sandbox without install`_ (Blog: `Try Kestrel in a Cloud Sandbox`_).
Software developers write Python or Swift than machine code to quickly turn
business logic into applications. Threat hunters write Kestrel to quickly turn
threat hypotheses into hunt-flow. We see threat hunting as an interactive
procedure to create customized intrusion detection systems on the fly, and
hunt-flow is to hunts as control-flow is to ordinary programs.
What does it mean by *hunt fast*?
- Do not write the same TTP pattern in different data source queries.
- Do not write one-time-use adapaters to connect hunt steps.
- Do not waste your existing analytic scripts/programs in future hunts.
- Do construct your hunt-flow from smaller reuseable hunt-flow.
- Do share your huntbook with your future self and your colleagues.
- Do get interactive feedback and revise hunt-flow on the fly.
|
%prep
%autosetup -n kestrel-lang-1.6.1
%build
%py3_build
%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .
%files -n python3-kestrel-lang -f filelist.lst
%dir %{python3_sitelib}/*
%files help -f doclist.lst
%{_docdir}/*
%changelog
* Fri Jun 09 2023 Python_Bot <Python_Bot@openeuler.org> - 1.6.1-1
- Package Spec generated
|
