Fix for Issue #617 (#91)

* Fix issue between plaso and python-evtx * Remove python-evtx package, update headers * Update plaso header
teamdfir · Feb 22, 2024 · 8848bc9 · 8848bc9
1 parent 67805d9
commit 8848bc9
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 32 deletions.
diff --git a/sift/packages/init.sls b/sift/packages/init.sls
@@ -137,8 +137,6 @@ include:
   - sift.packages.pff-tools
   - sift.packages.phonon
   - sift.packages.pkg-config
-  - sift.packages.plaso
-  - sift.packages.plaso-data
   - sift.packages.plaso-tools
   - sift.packages.powershell
   - sift.packages.pv
@@ -149,7 +147,6 @@ include:
   - sift.packages.python3-fuse
   - sift.packages.python3-pefile
   - sift.packages.python3-pip
-  - sift.packages.python3-plaso
   - sift.packages.python3-pypff
   - sift.packages.python3-pytsk3
   - sift.packages.python3-pyqt5
@@ -346,8 +343,6 @@ sift-packages:
       - sls: sift.packages.pff-tools
       - sls: sift.packages.phonon
       - sls: sift.packages.pkg-config
-      - sls: sift.packages.plaso
-      - sls: sift.packages.plaso-data
       - sls: sift.packages.plaso-tools
       - sls: sift.packages.powershell
       - sls: sift.packages.pv
@@ -358,7 +353,6 @@ sift-packages:
       - sls: sift.packages.python3-fuse
       - sls: sift.packages.python3-pefile
       - sls: sift.packages.python3-pip
-      - sls: sift.packages.python3-plaso
       - sls: sift.packages.python3-pypff
       - sls: sift.packages.python3-pytsk3
       - sls: sift.packages.python3-pyqt5

diff --git a/sift/packages/plaso-data.sls b/sift/packages/plaso-data.sls
diff --git a/sift/packages/plaso-tools.sls b/sift/packages/plaso-tools.sls
@@ -1,10 +1,16 @@
+# Name: plaso
+# Website: https://github.com/log2timeline/plaso
+# Description: Python-based tool to create a timeline based on several sources
+# Category: 
+# Author: Joachim Metz
+# License: Apache License 2.0 (https://github.com/log2timeline/plaso/blob/main/LICENSE)
+# Notes: psteal.py, psort.py, log2timeline.py
+
 include:
   - sift.repos.gift
-  - sift.packages.python3-plaso
 
-plaso-tools:
+sift-package-plaso-tools:
   pkg.latest:
     - name: plaso-tools
     - require:
       - sls: sift.repos.gift
-      - sls: sift.packages.python3-plaso
diff --git a/sift/packages/plaso.sls b/sift/packages/plaso.sls
diff --git a/sift/python3-packages/python-evtx.sls b/sift/python3-packages/python-evtx.sls
@@ -1,9 +1,19 @@
+# Name: python-evtx
+# Website: https://github.com/williballenthin/python-evtx
+# Description: Pure Python parser for Windows Event Log (.evtx) files
+# Category:
+# Author: Willi Ballenthin
+# License: Apache License 2.0 (https://github.com/williballenthin/python-evtx/blob/master/LICENSE.TXT)
+# Notes: evtx_dates.py, evtx_dump.py, evtx_dump_chunk_slack.py, evtx_dump_json.py, evtx_info.py
+
 include:
   - sift.python3-packages.pip
+  - sift.packages.git
 
 sift-python3-packages-python-evtx:
   pip.installed:
-    - name: python-evtx
+    - name: git+https://github.com/williballenthin/python-evtx.git
     - bin_env: /usr/bin/python3
     - require:
       - sls: sift.python3-packages.pip
+      - sls: sift.packages.git