# Fylgja CLI Interface

The Fylgja CLI provides an interactive command-line interface for managing SIEM rules, similar to MySQL's CLI.

## Usage

Start the CLI interface:

```bash
npm run cli
```

Or use the direct launcher:

```bash
./fylgja-cli
```

## Features

- **Interactive Prompt**: MySQL-style prompt with command history
- **Tab Completion**: Press Tab to auto-complete commands
- **Command History**: Use Up/Down arrows to navigate previous commands
- **Formatted Output**: Table-based output formats for different commands
- **Color Coding**: Visual indicators for severity levels and result types

## Available Commands

### Basic Commands

```
search <keyword>            Search for Sigma rules by keyword
details <rule_id>           Get details about a specific Sigma rule
stats                       Get statistics about Sigma rules database
help                        Display help information
exit/quit                   Exit the CLI
clear                       Clear the terminal screen
```

### Advanced Search Commands

```
search sigma rules where title contains "ransomware"
find rules where tags include privilege_escalation
search rules where logsource.category == "process_creation"
find rules where modified after 2024-01-01
```

## Examples

```
fylgja> search rules where level is "high"
fylgja> details 5f35f6c7-80a7-4ca0-a41f-31e8ac557233
fylgja> stats
```

## Integration with Slack Bot

The CLI interface uses the same command parsing and execution logic as the Slack bot, ensuring consistency across interfaces.