docker_zircolite

2 Commits 1 Branch 0 Tags

Author	SHA1	Message	Date
tabledevil	7188d7b6bc	Pin alpine:3.23, multi-stage runtime, smoke test, fix arg drift - Pin both stages to alpine:3.23 (was floating 'alpine'). - Multi-stage: separate runtime image without rust+cargo+sdk, just python3. - venv for Python deps (PEP 668 on modern Alpine blocks system pip). - start.sh: -c <fieldMappings.yaml> (was .json — upstream renamed), drop -t which now means --template (Jinja2) not tmpdir. - test_smoke.sh: fetch Yamato sample-evtx on demand, scan, verify JSON + log produced, count Sigma rule hits. - fetch-test-data.sh + .gitignore for test-data/. Validated end-to-end on amd64 Linux: 5/5 PASS, 39 hits, Zircolite v3.6.3 with 2160 rules. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 19:20:05 +02:00
tabledevil	49cf6750fd	first commit	2023-11-30 12:29:06 +01:00

Author

SHA1

Message

Date

tabledevil

7188d7b6bc

Pin alpine:3.23, multi-stage runtime, smoke test, fix arg drift

- Pin both stages to alpine:3.23 (was floating 'alpine').
- Multi-stage: separate runtime image without rust+cargo+sdk, just python3.
- venv for Python deps (PEP 668 on modern Alpine blocks system pip).
- start.sh: -c <fieldMappings.yaml> (was .json — upstream renamed),
  drop -t which now means --template (Jinja2) not tmpdir.
- test_smoke.sh: fetch Yamato sample-evtx on demand, scan, verify JSON
  + log produced, count Sigma rule hits.
- fetch-test-data.sh + .gitignore for test-data/.

Validated end-to-end on amd64 Linux: 5/5 PASS, 39 hits, Zircolite v3.6.3
with 2160 rules.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-07 19:20:05 +02:00

tabledevil

49cf6750fd

first commit

2023-11-30 12:29:06 +01:00