make nvd sync all cves, fix interpolation for templates

backend/enhanced_sigma_generator.py

@@ -223,20 +223,20 @@ class EnhancedSigmaGenerator:
         
         # Replace template placeholders
         replacements = {
-            '{{CVE_ID}}': cve.cve_id,
-            '{{RULE_ID}}': rule_id,
-            '{{TITLE}}': f"{cve.cve_id} Enhanced Detection",
-            '{{DESCRIPTION}}': self._generate_description(cve, poc_data),
-            '{{DATE}}': datetime.now().strftime('%Y/%m/%d'),
-            '{{LEVEL}}': self._calculate_confidence_level(cve, poc_data).lower(),
-            '{{REFERENCES}}': self._generate_references(cve, poc_data),
-            '{{TAGS}}': self._generate_tags(cve, poc_data),
-            '{{PROCESSES}}': self._format_indicators(combined_indicators.get('processes', [])),
-            '{{FILES}}': self._format_indicators(combined_indicators.get('files', [])),
-            '{{COMMANDS}}': self._format_indicators(combined_indicators.get('commands', [])),
-            '{{NETWORK}}': self._format_indicators(combined_indicators.get('network', [])),
-            '{{URLS}}': self._format_indicators(combined_indicators.get('urls', [])),
-            '{{REGISTRY}}': self._format_indicators(combined_indicators.get('registry', []))
+            '{title}': f"{cve.cve_id} Enhanced Detection",
+            '{description}': self._generate_description(cve, poc_data),
+            '{rule_id}': rule_id,
+            '{date}': datetime.now().strftime('%Y/%m/%d'),
+            '{level}': self._calculate_confidence_level(cve, poc_data).lower(),
+            '{cve_url}': f"https://nvd.nist.gov/vuln/detail/{cve.cve_id}",
+            '{tags}': self._generate_tags(cve, poc_data),
+            '{suspicious_processes}': self._format_indicators(combined_indicators.get('processes', [])),
+            '{suspicious_files}': self._format_indicators(combined_indicators.get('files', [])),
+            '{suspicious_commands}': self._format_indicators(combined_indicators.get('commands', [])),
+            '{suspicious_network}': self._format_indicators(combined_indicators.get('network', [])),
+            '{suspicious_urls}': self._format_indicators(combined_indicators.get('urls', [])),
+            '{suspicious_registry}': self._format_indicators(combined_indicators.get('registry', [])),
+            '{suspicious_ports}': self._format_indicators(combined_indicators.get('ports', []))
         }
         
         # Apply replacements
@@ -344,7 +344,17 @@ class EnhancedSigmaGenerator:
             quality_tier = best_poc.get('quality_analysis', {}).get('quality_tier', 'poor')
             tags.append(f'poc.quality.{quality_tier}')
         
-        return '\\n'.join(f"    - {tag}" for tag in tags)
+        # Return tags as a single line for first tag, then additional tags on new lines
+        if not tags:
+            return "unknown"
+        
+        if len(tags) == 1:
+            return tags[0]
+        else:
+            # First tag goes directly after the dash, rest are on new lines
+            first_tag = tags[0]
+            additional_tags = '\\n'.join(f"    - {tag}" for tag in tags[1:])
+            return f"{first_tag}\\n{additional_tags}"
     
     def _format_indicators(self, indicators: list) -> str:
         """Format indicators for SIGMA rule"""

frontend/src/App.js

@@ -221,7 +221,7 @@ function App() {
         <h2 className="text-xl font-bold text-gray-900 mb-4">Bulk Processing</h2>
         <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
           <button
-            onClick={() => startBulkSeed(2020)}
+            onClick={() => startBulkSeed(2002)}
             disabled={hasRunningJobs}
             className={`px-4 py-2 rounded-md text-white ${
               hasRunningJobs