create CLI and sigma stats function in CLI

2025-04-18 17:15:41 -04:00 · 2025-04-18 17:15:41 -04:00 · 519c87fb04
commit 519c87fb04
parent 85bb8958b8
9 changed files with 849 additions and 46 deletions
--- a/fylgja-cli.md
+++ b/fylgja-cli.md
@ -0,0 +1,59 @@
+# Fylgja CLI Interface
+
+The Fylgja CLI provides an interactive command-line interface for managing SIEM rules, similar to MySQL's CLI.
+
+## Usage
+
+Start the CLI interface:
+
+```bash
+npm run cli
+```
+
+Or use the direct launcher:
+
+```bash
+./fylgja-cli
+```
+
+## Features
+
+- **Interactive Prompt**: MySQL-style prompt with command history
+- **Tab Completion**: Press Tab to auto-complete commands
+- **Command History**: Use Up/Down arrows to navigate previous commands
+- **Formatted Output**: Table-based output formats for different commands
+- **Color Coding**: Visual indicators for severity levels and result types
+
+## Available Commands
+
+### Basic Commands
+
+```
+search <keyword>            Search for Sigma rules by keyword
+details <rule_id>           Get details about a specific Sigma rule
+stats                       Get statistics about Sigma rules database
+help                        Display help information
+exit/quit                   Exit the CLI
+clear                       Clear the terminal screen
+```
+
+### Advanced Search Commands
+
+```
+search sigma rules where title contains "ransomware"
+find rules where tags include privilege_escalation
+search rules where logsource.category == "process_creation"
+find rules where modified after 2024-01-01
+```
+
+## Examples
+
+```
+fylgja> search rules where level is "high"
+fylgja> details 5f35f6c7-80a7-4ca0-a41f-31e8ac557233
+fylgja> stats
+```
+
+## Integration with Slack Bot
+
+The CLI interface uses the same command parsing and execution logic as the Slack bot, ensuring consistency across interfaces.