fylgja/fylgja-cli.md
2025-04-18 17:15:41 -04:00

Fylgja CLI Interface

The Fylgja CLI provides an interactive command-line interface for managing SIEM rules, similar to MySQL's CLI.

Usage

Start the CLI interface:

npm run cli

Or use the direct launcher:

./fylgja-cli

Features

  • Interactive Prompt: MySQL-style prompt with command history
  • Tab Completion: Press Tab to auto-complete commands
  • Command History: Use Up/Down arrows to navigate previous commands
  • Formatted Output: Table-based output formats for different commands
  • Color Coding: Visual indicators for severity levels and result types

Available Commands

Basic Commands

search <keyword>            Search for Sigma rules by keyword
details <rule_id>           Get details about a specific Sigma rule
stats                       Get statistics about the Sigma rules database
help                        Display help information
exit/quit                   Exit the CLI
clear                       Clear the terminal screen

Advanced Search Commands

search sigma rules where title contains "ransomware"
find rules where tags include privilege_escalation
search rules where logsource.category == "process_creation"
find rules where modified after 2024-01-01

Examples

fylgja> search rules where level is "high"
fylgja> details 5f35f6c7-80a7-4ca0-a41f-31e8ac557233
fylgja> stats
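
The query forms under Advanced Search Commands and Examples, parsed and evaluated over a few rule records, as an added example that is not Fylgja's own code. The rule records are constructed, and parseQuery, runQuery, the field allow-list and the operator semantics (treating "is" as equality, matching tags by their last dotted segment) are assumptions.

```javascript
// Added example: hypothetical parser for the where-clause forms shown above.
// Constructed sample rule metadata (not taken from the Fylgja database).
const RULES = [
  { id: 'r1', title: 'Possible Ransomware File Rename', level: 'high',
    tags: ['attack.impact'], modified: '2024-03-02',
    logsource: { category: 'file_event' } },
  { id: 'r2', title: 'Token Manipulation', level: 'medium',
    tags: ['attack.privilege_escalation'], modified: '2023-11-20',
    logsource: { category: 'process_creation' } },
  { id: 'r3', title: 'Suspicious Service Install', level: 'high',
    tags: ['attack.privilege_escalation', 'attack.persistence'], modified: '2024-06-15',
    logsource: { category: 'process_creation' } },
];

// Operators seen in the documented queries; their semantics here are assumptions.
const OPS = {
  contains: (v, arg) => String(v ?? '').toLowerCase().includes(arg.toLowerCase()),
  include: (v, arg) => Array.isArray(v) && v.some((t) => t === arg || t.endsWith('.' + arg)),
  '==': (v, arg) => v === arg,
  is: (v, arg) => v === arg,
  after: (v, arg) => typeof v === 'string' && v > arg, // ISO dates sort lexically
};

// Allow-list of queryable fields, so typed input never selects arbitrary properties.
const FIELDS = new Set(['title', 'level', 'tags', 'modified', 'logsource.category']);

function parseQuery(line) {
  const re = /^(?:search|find)\s+(?:sigma\s+)?rules\s+where\s+([\w.]+)\s+(contains|include|==|is|after)\s+(?:"([^"]*)"|(\S+))\s*$/i;
  const m = re.exec(line.trim());
  if (!m) throw new Error('unsupported query');
  const field = m[1];
  if (!FIELDS.has(field)) throw new Error(`unknown field: ${field}`);
  return { field, op: m[2].toLowerCase(), value: m[3] ?? m[4] };
}

function runQuery(line, rules = RULES) {
  const { field, op, value } = parseQuery(line);
  // Walk the dotted path (e.g. logsource.category) on each rule record.
  const get = (rule) => field.split('.').reduce((o, k) => (o == null ? undefined : o[k]), rule);
  return rules.filter((r) => OPS[op](get(r), value)).map((r) => r.id);
}

console.log(runQuery('find rules where tags include privilege_escalation'));
```
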

Integration with Slack Bot

The CLI interface uses the same command parsing and execution logic as the Slack bot, ensuring consistency across interfaces.