make nvd sync all cves, fix interpolation for templates

This commit is contained in:
Brendan McDevitt 2025-07-09 12:42:18 -05:00
parent 455a46c88f
commit e4a3cc6cb9
2 changed files with 26 additions and 16 deletions


@ -223,20 +223,20 @@ class EnhancedSigmaGenerator:
# Replace template placeholders # Replace template placeholders
replacements = { replacements = {
'{{CVE_ID}}': cve.cve_id, '{title}': f"{cve.cve_id} Enhanced Detection",
'{{RULE_ID}}': rule_id, '{description}': self._generate_description(cve, poc_data),
'{{TITLE}}': f"{cve.cve_id} Enhanced Detection", '{rule_id}': rule_id,
'{{DESCRIPTION}}': self._generate_description(cve, poc_data), '{date}': datetime.now().strftime('%Y/%m/%d'),
'{{DATE}}': datetime.now().strftime('%Y/%m/%d'), '{level}': self._calculate_confidence_level(cve, poc_data).lower(),
'{{LEVEL}}': self._calculate_confidence_level(cve, poc_data).lower(), '{cve_url}': f"https://nvd.nist.gov/vuln/detail/{cve.cve_id}",
'{{REFERENCES}}': self._generate_references(cve, poc_data), '{tags}': self._generate_tags(cve, poc_data),
'{{TAGS}}': self._generate_tags(cve, poc_data), '{suspicious_processes}': self._format_indicators(combined_indicators.get('processes', [])),
'{{PROCESSES}}': self._format_indicators(combined_indicators.get('processes', [])), '{suspicious_files}': self._format_indicators(combined_indicators.get('files', [])),
'{{FILES}}': self._format_indicators(combined_indicators.get('files', [])), '{suspicious_commands}': self._format_indicators(combined_indicators.get('commands', [])),
'{{COMMANDS}}': self._format_indicators(combined_indicators.get('commands', [])), '{suspicious_network}': self._format_indicators(combined_indicators.get('network', [])),
'{{NETWORK}}': self._format_indicators(combined_indicators.get('network', [])), '{suspicious_urls}': self._format_indicators(combined_indicators.get('urls', [])),
'{{URLS}}': self._format_indicators(combined_indicators.get('urls', [])), '{suspicious_registry}': self._format_indicators(combined_indicators.get('registry', [])),
'{{REGISTRY}}': self._format_indicators(combined_indicators.get('registry', [])) '{suspicious_ports}': self._format_indicators(combined_indicators.get('ports', []))
} }
# Apply replacements # Apply replacements
@ -344,7 +344,17 @@ class EnhancedSigmaGenerator:
quality_tier = best_poc.get('quality_analysis', {}).get('quality_tier', 'poor') quality_tier = best_poc.get('quality_analysis', {}).get('quality_tier', 'poor')
tags.append(f'poc.quality.{quality_tier}') tags.append(f'poc.quality.{quality_tier}')
return '\\n'.join(f" - {tag}" for tag in tags) # Return tags as a single line for first tag, then additional tags on new lines
if not tags:
return "unknown"
if len(tags) == 1:
return tags[0]
else:
# First tag goes directly after the dash, rest are on new lines
first_tag = tags[0]
additional_tags = '\\n'.join(f" - {tag}" for tag in tags[1:])
return f"{first_tag}\\n{additional_tags}"
def _format_indicators(self, indicators: list) -> str: def _format_indicators(self, indicators: list) -> str:
"""Format indicators for SIGMA rule""" """Format indicators for SIGMA rule"""


@ -221,7 +221,7 @@ function App() {
<h2 className="text-xl font-bold text-gray-900 mb-4">Bulk Processing</h2> <h2 className="text-xl font-bold text-gray-900 mb-4">Bulk Processing</h2>
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4"> <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
<button <button
onClick={() => startBulkSeed(2020)} onClick={() => startBulkSeed(2002)}
disabled={hasRunningJobs} disabled={hasRunningJobs}
className={`px-4 py-2 rounded-md text-white ${ className={`px-4 py-2 rounded-md text-white ${
hasRunningJobs hasRunningJobs
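Review bot: The start year in `onClick={() => startBulkSeed(2002)}` is a bare magic number, and nothing in the hunk records why it moved from 2020; since the commit message says the intent is to sync all CVEs, the earliest year belongs in a named constant, e.g. `const NVD_FIRST_YEAR = 2002; // first year to bulk-seed from NVD` referenced from the handler. If the button's label outside the hunk still mentions the old year it should be updated as well, though that cannot be confirmed from here. The `App` function begins and ends outside the hunk.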