Vast2nix

The vast2nix repo is still in work-in-process. You could discover some methods and inspiration in different examples as follows. Also, it would help you to understand how nix/nixos leverages us to build a SOC platform and accomplish some automation jobs.

Getting started with Online Document

The 4 Layers of Packaging

Vast2nix is based on The 4 Layers of Packaging of std.

• The OCI image packaging: nix/vast/oci-images/default.nix
  • The entrypoint packaging nix/vast/operables/default.nix
• The entrypoint packaging nix/vast/entrypoints/default.nix
• The binary packaging nix/vast/packages/default.nix
• The Scheduler Chart packaging vast-compose,OpenCTI-nomadJobs,vast-nixos

Generator

How is vast2nix genarated `configFiles/config`

• nix/vast/config
• nix/vast/configFiles

Operations

How is vast2nix operated task/platform/cloud/workflow/vast-intergation

• nix/query/entrypoints/default.nix

Render

How is vast2nix rendered vast-schemas/attack-models/dataTypes/

• converting Phishing-url jsonSchema -> vast-schemas
  • nix/schemas/config/default.nix
• using writeVastSchema to your security dataTypes - https://github.com/GTrunSec/matrix-attack-data/tree/main/nix/vast/schemas

Devshell

How is vast2nix hooked virtual shell with different environment profiles. -> zeek(btest,zeekScript,zeek-language-server)/vast(vast-intergation,pyvast)/theHive/zed/etc/

devshell Intergation

• nix/vast/devshells/default.nix
  • nix/vast/devshellProfiles/default.nix

devContainer OCI-image Intergation

docker pull ghcr.io/gtrunsec/quarto-dev:latest
docker run -it -v "$(pwd):/work" --entrypoint /bin/bash ghcr.io/gtrunsec/quarto-dev
menu

Real SOC Planet with Nix/Declarative EcoSystem

• https://github.com/GTrunSec/hunting-lab