first commit

2025-04-07 12:22:06 -04:00 · 2025-04-07 12:22:06 -04:00 · 7988853b57
commit 7988853b57
43 changed files with 8415 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,48 @@
+
+# fylgja
+Manage your Elastic Stack threat detection ruleset through a Slack frontend
+
+## Features
+ - [Sigma](https://github.com/SigmaHQ/sigma) integration:
+   - Imports the Sigma rule repository to an SQLite database
+   - Search rules by keyword
+   - Convert rules into SIEM format
+   - Upload generated rules to Elastic
+ - All without leaving the Slack channel!
+
+## Setup
+### Clone Repo
+```
+git clone https://codeberg.org/charlottecroce/fylgja.git
+cd fylgja/
+```
+### Install requirements
+```
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -r requirements.txt
+```
+
+### Install sigma-cli elasticsearch plugin
+```
+sigma plugin install elasticsearch
+```
+
+### Create the database
+```
+npm run update-db
+```
+
+### YAML Configuration
+- Copy the example config: `cp fylgja.example.yml fylgja.yml`
+- Edit `fylgja.yml` and replace the placeholder values with your real API keys
+
+### Slack Configuration
+- Copy the example config: `cp slack.example.yml slack.yml`
+- Edit `slack.yml` and replace the placeholder values with your real server domain name
+
+> this should probably be all included in a setup script or something
+
+> [!Important]
+> While detection rules are stored in Elasticsearch, in my case, they are managed through the Kibana API. This has not been tested on other frontend APIs.
+