diff --git a/pkgs/servers/monitoring/laurel/default.nix b/pkgs/servers/monitoring/laurel/default.nix
new file mode 100644
index 000000000000..8342915dffb1
--- /dev/null
+++ b/pkgs/servers/monitoring/laurel/default.nix
@@ -0,0 +1,31 @@
+{ acl
+, fetchFromGitHub
+, lib
+, rustPlatform
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "laurel";
+  version = "0.5.2";
+
+  src = fetchFromGitHub {
+    owner = "threathunters-io";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-MT3Zcuztb2QUwWR3HFViJQtygI0oIUE3TlMu+vWzbMI=";
+  };
+
+  cargoHash = "sha256-hX2nSBgXctAHGqvP/ZmMjGJf7C/wPJ/gL+gV7uI8gco=";
+
+  nativeBuildInputs = [ rustPlatform.bindgenHook ];
+  buildInputs = [ acl ];
+
+  meta = with lib; {
+    description = "Transform Linux Audit logs for SIEM usage";
+    homepage = "https://github.com/threathunters-io/laurel";
+    changelog = "https://github.com/threathunters-io/laurel/releases/tag/v${version}";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ indeednotjames ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 11ac14eed425..b4682fe70f7e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -21128,6 +21128,8 @@ with pkgs;
   LASzip = callPackage ../development/libraries/LASzip { };
   LASzip2 = callPackage ../development/libraries/LASzip/LASzip2.nix { };
 
+  laurel = callPackage ../servers/monitoring/laurel/default.nix { };
+
   lcm = callPackage ../development/libraries/lcm { };
 
   lcms = lcms2;