From e4a3cc6cb98083d52cbaf21fd23dc7f679650e50 Mon Sep 17 00:00:00 2001
From: bpmcdevitt
Date: Wed, 9 Jul 2025 12:42:18 -0500
Subject: [PATCH] make nvd sync all cves, fix interpolation for templates
---
 backend/enhanced_sigma_generator.py | 40 ++++++++++++++++++-----------
 frontend/src/App.js | 2 +-
 2 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/backend/enhanced_sigma_generator.py b/backend/enhanced_sigma_generator.py
index ee77c83..8d73873 100644
--- a/backend/enhanced_sigma_generator.py
+++ b/backend/enhanced_sigma_generator.py
@@ -223,20 +223,20 @@ class EnhancedSigmaGenerator:
 # Replace template placeholders
 replacements = {
- '{{CVE_ID}}': cve.cve_id,
- '{{RULE_ID}}': rule_id,
- '{{TITLE}}': f"{cve.cve_id} Enhanced Detection",
- '{{DESCRIPTION}}': self._generate_description(cve, poc_data),
- '{{DATE}}': datetime.now().strftime('%Y/%m/%d'),
- '{{LEVEL}}': self._calculate_confidence_level(cve, poc_data).lower(),
- '{{REFERENCES}}': self._generate_references(cve, poc_data),
- '{{TAGS}}': self._generate_tags(cve, poc_data),
- '{{PROCESSES}}': self._format_indicators(combined_indicators.get('processes', [])),
- '{{FILES}}': self._format_indicators(combined_indicators.get('files', [])),
- '{{COMMANDS}}': self._format_indicators(combined_indicators.get('commands', [])),
- '{{NETWORK}}': self._format_indicators(combined_indicators.get('network', [])),
- '{{URLS}}': self._format_indicators(combined_indicators.get('urls', [])),
- '{{REGISTRY}}': self._format_indicators(combined_indicators.get('registry', []))
+ '{title}': f"{cve.cve_id} Enhanced Detection",
+ '{description}': self._generate_description(cve, poc_data),
+ '{rule_id}': rule_id,
+ '{date}': datetime.now().strftime('%Y/%m/%d'),
+ '{level}': self._calculate_confidence_level(cve, poc_data).lower(),
+ '{cve_url}': f"https://nvd.nist.gov/vuln/detail/{cve.cve_id}",
+ '{tags}': self._generate_tags(cve, poc_data),
+ '{suspicious_processes}': self._format_indicators(combined_indicators.get('processes', [])),
+ '{suspicious_files}': self._format_indicators(combined_indicators.get('files', [])),
+ '{suspicious_commands}': self._format_indicators(combined_indicators.get('commands', [])),
+ '{suspicious_network}': self._format_indicators(combined_indicators.get('network', [])),
+ '{suspicious_urls}': self._format_indicators(combined_indicators.get('urls', [])),
+ '{suspicious_registry}': self._format_indicators(combined_indicators.get('registry', [])),
+ '{suspicious_ports}': self._format_indicators(combined_indicators.get('ports', []))
 }
 # Apply replacements
@@ -344,7 +344,17 @@ class EnhancedSigmaGenerator:
 quality_tier = best_poc.get('quality_analysis', {}).get('quality_tier', 'poor')
 tags.append(f'poc.quality.{quality_tier}')
- return '\\n'.join(f" - {tag}" for tag in tags)
+ # Return tags as a single line for first tag, then additional tags on new lines
+ if not tags:
+ return "unknown"
+
+ if len(tags) == 1:
+ return tags[0]
+ else:
+ # First tag goes directly after the dash, rest are on new lines
+ first_tag = tags[0]
+ additional_tags = '\\n'.join(f" - {tag}" for tag in tags[1:])
+ return f"{first_tag}\\n{additional_tags}"
 def _format_indicators(self, indicators: list) -> str:
 """Format indicators for SIGMA rule"""
diff --git a/frontend/src/App.js b/frontend/src/App.js
index 1515779..d8e66b9 100644
--- a/frontend/src/App.js
+++ b/frontend/src/App.js
@@ -221,7 +221,7 @@ function App() {
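Review bot: The new keys are bare `{name}` tokens, so if the substitution that follows the `# Apply replacements` comment (the loop itself is outside this hunk) runs `str.replace` entry by entry, any value inserted earlier is itself rewritten when it contains a later key — and `{description}` and the `{suspicious_*}` entries carry text derived from `poc_data`, which is the one input here that can plausibly contain a stray `{level}` or `{tags}`. A single-pass substitution removes that order dependence: `template = re.sub(r'\{\w+\}', lambda m: replacements.get(m.group(0), m.group(0)), template)` (needs `import re` if the module lacks it). The removed `'{{REFERENCES}}'` entry has no `{references}` successor, so `self._generate_references(cve, poc_data)` no longer contributes to the rule unless the template was reworked to rely on `{cve_url}` alone; worth confirming that is intended. The indicator strings are also spliced into YAML unquoted, so `_format_indicators` (outside this hunk) should quote each value, e.g. `json.dumps(value)` yields a YAML-safe double-quoted scalar, to keep a PoC-derived string containing `:`, `#` or a newline from altering the rule's structure. The enclosing method starts and ends outside the hunk.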
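Review bot: The `if len(tags) == 1` / `else` split on the new side can be collapsed into one expression that yields the same string in both cases, `return '\\n'.join([tags[0], *(f" - {tag}" for tag in tags[1:])])`, which also drops the `else:` that follows a `return`. The comment and the hard-coded ` - ` continuation indent tie this return value to a template line of the form `- {tags}` with a two-space list indent, so the method's docstring should state that contract, e.g. `"""Return tags formatted for the '- {tags}' template slot: first tag bare, each further tag on its own ' - ' line."""`, because a template indentation change would silently produce invalid YAML. If the `'\\n'` shown here is literally a doubled backslash in the file rather than a rendering artifact, the join inserts the two characters `\n` instead of a line break and every tag lands on one YAML line; worth confirming against the file. The `"unknown"` fallback is emitted verbatim as a SIGMA tag, so any downstream tag validation against the usual `attack.*`/`cve.*` namespaces would reject it; the template is not visible, so whether an empty value is the better fallback cannot be decided from here. The enclosing method (presumably `_generate_tags`) starts outside the hunk.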

Bulk Processing