fylgja/src/utils/os_emojis.js

/**
 * os_emojis.js
 *
 * Provides emoji mappings for different products/platforms in Sigma rules
 */

/**
 * Get the appropriate emoji for a product
 * @param {string} product - The product/platform name
 * @returns {string} - The corresponding emoji string
 */
const getProductEmoji = (product) => {
    if (!product) return '';
    
    const productLower = product.toLowerCase();
    
    // Mapping of products to their respective emojis
    const emojiMap = {
      'aws': ':cloud:',
      'azure': ':cloud:',
      'bitbucket': ':bucket:',
      'cisco': ':satellite_antenna:',
      'django': ':snake:',
      'dns': ':globe_with_meridians:',
      'fortios': ':shield:',
      'gcp': ':cloud:',
      'github': ':octocat:',
      'huawei': ':satellite_antenna:',
      'juniper': ':satellite_antenna:',
      'jvm': ':coffee:',
      'kubernetes': ':wheel_of_dharma:',
      'linux': ':penguin:',
      'm365': ':envelope:',
      'macos': ':apple:',
      'modsecurity': ':shield:',
      'nodejs': ':green_heart:',
      'okta': ':key:',
      'onelogin': ':key:',
      'opencanary': ':bird:',
      'paloalto': ':shield:',
      'python': ':snake:',
      'qualys': ':mag:',
      'rpc_firewall': ':fire_extinguisher:',
      'ruby_on_rails': ':gem:',
      'spring': ':leaves:',
      'sql': ':floppy_disk:',
      'velocity': ':zap:',
      'windows': ':window:',
      'zeek': ':eyes:'
    };
    
    // Check if the product is directly in our map
    for (const [key, emoji] of Object.entries(emojiMap)) {
      if (productLower.includes(key)) {
        return emoji + ' ';
      }
    }
    
    // Default emoji for unknown products
    return ':computer: ';
  };
  
  module.exports = {
    getProductEmoji
  };