# Fylgja CLI Interface

The Fylgja CLI provides an interactive command-line interface for managing SIEM rules, similar to MySQL's CLI.

## Usage

Start the CLI interface:

```bash
npm run cli
```

Or use the direct launcher:

```bash
./fylgja-cli
```

## Features

- **Interactive Prompt**: MySQL-style prompt with command history
- **Tab Completion**: Press Tab to auto-complete commands
- **Command History**: Use Up/Down arrows to navigate previous commands
- **Formatted Output**: Table-based output formats for different commands
- **Color Coding**: Visual indicators for severity levels and result types

## Available Commands

### Basic Commands

```
search <keyword>      Search for Sigma rules by keyword
details <rule_id>     Get details about a specific Sigma rule
stats                 Get statistics about Sigma rules database
help                  Display help information
exit/quit             Exit the CLI
clear                 Clear the terminal screen
```

### Advanced Search Commands

```
search sigma rules where title contains "ransomware"
find rules where tags include privilege_escalation
search rules where logsource.category == "process_creation"
find rules where modified after 2024-01-01
```

## Examples

```
fylgja> search rules where level is "high"
fylgja> details 5f35f6c7-80a7-4ca0-a41f-31e8ac557233
fylgja> stats
```

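As an added illustration (not Fylgja's own parser or code), the following JavaScript shows one way the `where` queries listed under Advanced Search Commands and Examples could be parsed and applied to Sigma rule metadata. The operator semantics, the names `parseQuery` and `runQuery`, and the sample rules are assumptions made for this example.

```javascript
// Added example, not Fylgja's code: one possible reading of the
// "where <field> <operator> <value>" queries shown in this README.
const OPS = {
  contains: (f, v) => String(f ?? '').toLowerCase().includes(v.toLowerCase()),
  // Sigma tags are namespaced (for example attack.*), so accept either the
  // full tag or the part after the namespace.
  include: (f, v) => Array.isArray(f) && f.some(t => t === v || t.split('.').pop() === v),
  '==': (f, v) => f === v,
  is: (f, v) => f === v,
  // Invalid or missing dates compare as NaN, which never matches.
  after: (f, v) => new Date(f) > new Date(v),
};

const QUERY_RE =
  /^(?:search|find)\s+(?:sigma\s+)?rules\s+where\s+([\w.]+)\s+(contains|include|==|is|after)\s+(.+)$/i;

function parseQuery(line) {
  const m = QUERY_RE.exec(line.trim());
  if (!m) return null; // not a "where" query (e.g. "stats" or "help")
  const value = m[3].trim().replace(/^"(.*)"$/, '$1'); // strip optional quotes
  return { field: m[1], op: m[2].toLowerCase(), value };
}

// Resolve dotted paths such as logsource.category without throwing on gaps.
function getField(rule, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), rule);
}

function runQuery(line, rules) {
  const q = parseQuery(line);
  if (!q) throw new Error(`unsupported query: ${line}`);
  return rules
    .filter(r => OPS[q.op](getField(r, q.field), q.value))
    .map(r => r.id);
}

// Constructed sample rule metadata, not taken from any real rule set.
const SAMPLE_RULES = [
  { id: 'rule-a', title: 'Possible Ransomware Note Creation', level: 'high',
    tags: ['attack.impact'], logsource: { category: 'file_event' },
    modified: '2024-03-10' },
  { id: 'rule-b', title: 'Suspicious Token Manipulation', level: 'medium',
    tags: ['attack.privilege_escalation'],
    logsource: { category: 'process_creation' }, modified: '2023-11-02' },
];
```
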
## Integration with Slack Bot

The CLI interface uses the same command parsing and execution logic as the Slack bot, ensuring consistency across interfaces.