wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Zircolite package #87

Open a-vine opened 2 months ago

a-vine commented 2 months ago

I've been using your project for a few months as part of a pipeline designed to reconstruct attack scenarios from heterogeneous raw logs (Windows and Linux). So far I've made a wrapper for Zircolite, but it's not very clean. Is it possible to make Zircolite a PyPI package so that it can be integrated more easily and cleanly into other projects?

wagga40 commented 1 month ago

Hi, sorry for the late response. Zircolite was on PyPI but as a CLI tool and not a library, it was a little bit messy so I decided to remove it. To have something clean and available on PyPI, some parts of Zircolite must be rewritten. To be honest, I am working on it but there are some things I want to release before: