This repository contains plugins for LogCraft CLI. Pull/merge requests are welcome and encouraged!
Documentation: https://docs.logcraft.io
LogCraft CLI: https://github.com/LogCraftIO/logcraft-cli
LogCraft CLI is an open-source tool developed by LogCraft that simplifies the creation of Detection-as-Code pipelines while leveraging native Version Control System (VCS) capabilities such as GitLab.
With LogCraft CLI, you can easily deploy your security detections into your SIEM, EDR, XDR, and other modern security solutions.
Download the latest build of the desired plugins directly from the releases page. This is the recommended approach for most users.
If you prefer, you can build the plugins from the sources:
First, clone the repository:
git clone https://github.com/LogCraftIO/logcraft-cli-plugins
cd logcraft-cli-plugins
Then, enter the directory of the plugin of your choice and build it:
cd <PLUGIN_DIR>
cargo component build --release
For example:
cd splunk
cargo component build --release
The compiled plugin is written to ../target/wasm32-wasi/release/ as a .wasm file.
Add it to lgc using the plugins install command:
~$ cd your-work-dir
~$ lgc plugins install /path/to/target/wasm32-wasi/release/<PLUGIN>.wasm
For example:
~$ lgc plugins install /path/to/target/wasm32-wasi/release/splunk.wasm
Note that compiling the plugin requires cargo-component and the wasm32-wasi target:
cargo install cargo-component --locked
rustup target add wasm32-wasi