add CLI details functionality

This commit is contained in:
Charlotte Croce 2025-04-19 12:55:56 -04:00
parent 657a33a189
commit fd394fff36
3 changed files with 9 additions and 18 deletions


@ -428,13 +428,13 @@ Fylgja CLI Help
Basic Sigma Commands: Basic Sigma Commands:
- search sigma <keyword> - Search for Sigma rules by keyword - search sigma <keyword> - Search for Sigma rules by keyword
- details sigma <rule_id> - Get details about a specific Sigma rule - details sigma <rule_id> - Get details about a specific Sigma rule
- sigma stats - Get statistics about Sigma rules database - stats sigma - Get statistics about Sigma rules database
Advanced Sigma Search Commands: Advanced Sigma Search Commands:
- search sigma rules where title contains "ransomware" - Search by title - search sigma where title contains "ransomware" - Search by title
- search sigma rules where tags include privilege_escalation - Search by tags - search sigma where tags include privilege_escalation - Search by tags
- search sigma rules where logsource.category == "process_creation" - Search by log source - search sigma where logsource.category == "process_creation" - Search by log source
- search sigma rules where modified after 2024-01-01 - Search by modification date - search sigma where modified after 2024-01-01 - Search by modification date
- exit or quit - Exit the CLI - exit or quit - Exit the CLI


@ -8,7 +8,6 @@ const logger = require('../../utils/logger');
const { handleError } = require('../../utils/error_handler'); const { handleError } = require('../../utils/error_handler');
const { getSigmaRuleDetails, getSigmaRuleYaml } = require('../../services/sigma/sigma_details_service'); const { getSigmaRuleDetails, getSigmaRuleYaml } = require('../../services/sigma/sigma_details_service');
const { getSigmaRuleDetailsBlocks } = require('../../blocks/sigma/sigma_details_block'); const { getSigmaRuleDetailsBlocks } = require('../../blocks/sigma/sigma_details_block');
const { formatSigmaDetails } = require('../../utils/cli_formatters');
const { getFileName } = require('../../utils/file_utils'); const { getFileName } = require('../../utils/file_utils');
const FILE_NAME = getFileName(__filename); const FILE_NAME = getFileName(__filename);
@ -77,8 +76,8 @@ const handleCommand = async (command, respond) => {
// Return the response with both blocks for Slack and responseData for CLI // Return the response with both blocks for Slack and responseData for CLI
await respond({ await respond({
blocks: blocks, // For Slack blocks: blocks, // For Slack interface
responseData: sigmaRuleDetailsResult.explanation, // For CLI responseData: sigmaRuleDetailsResult.explanation, // For CLI interface
response_type: 'in_channel' response_type: 'in_channel'
}); });
} catch (error) { } catch (error) {


@ -17,20 +17,12 @@
const commandPatterns = [ const commandPatterns = [
// Sigma details patterns // Sigma details patterns
{ {
name: 'sigma-details-direct', name: 'sigma-details',
regex: /^(explain|get|show|display|details|info|about)\s+(rule|detection)\s+(from\s+)?sigma\s+(where\s+)?(id=|id\s+is\s+|with\s+id\s+)(.+)$/i, regex: /^sigma\s+(details|info|about)\s+(.+)$/i,
action: 'details',
module: 'sigma',
params: [6] // rule ID is in capturing group 6
},
{
name: 'sigma-details-simple',
regex: /^(details|explain)\s+(.+)$/i,
action: 'details', action: 'details',
module: 'sigma', module: 'sigma',
params: [2] // rule ID is in capturing group 2 params: [2] // rule ID is in capturing group 2
}, },
// Sigma search patterns // Sigma search patterns
{ {
name: 'sigma-search', name: 'sigma-search',
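Review bot: The new `sigma-details` regex at line 48 only accepts the word order `sigma details <rule_id>`, while the help text touched in this same commit still advertises the command as `details sigma <rule_id>` (and `stats sigma`), so a user who follows the help will not match this pattern now that the looser `sigma-details-simple` entry is gone; either the help line or the pattern should be flipped, e.g. `regex: /^(details|info|about)\s+sigma\s+(.+)$/i,`. The rule-id capture `(.+)` also accepts spaces and any character, and that value is handed straight to the details handler as the id; if the id is ever used to build a file path or query in the details service (not visible here), narrowing it to `(\S+)` and answering anything else with the usage text would be the safer default. The `commandPatterns` array continues past the end of the hunk.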