bpmcdevitt de30d4ce99 CLEANUP: Remove legacy web application components and streamline for CLI-first architecture
This commit completes the transformation to a CLI-first SIGMA rule generator by removing all legacy web application components:

REMOVED COMPONENTS:
- Frontend React application (frontend/ directory)
- Docker Compose web orchestration (docker-compose.yml, Dockerfiles)
- FastAPI web backend (main.py, celery_config.py, bulk_seeder.py)
- Web-specific task schedulers and executors
- Initialization scripts for web deployment (start.sh, init.sql, Makefile)

SIMPLIFIED ARCHITECTURE:
- Created backend/database_models.py for migration-only database access
- Updated CLI commands to use simplified database models
- Retained core processing modules (sigma generator, PoC clients, NVD processor)
- Fixed import paths in CLI migration and process commands

The application now operates as a streamlined CLI tool with file-based SIGMA rule storage,
eliminating web application complexity while maintaining all core CVE processing capabilities.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-21 13:24:38 -05:00
commands CLEANUP: Remove legacy web application components and streamline for CLI-first architecture 2025-07-21 13:24:38 -05:00
README.md MAJOR: Transform web application to professional CLI-based SIGMA rule generator 2025-07-21 13:11:03 -05:00
requirements.txt MAJOR: Transform web application to professional CLI-based SIGMA rule generator 2025-07-21 13:11:03 -05:00
sigma_cli.py MAJOR: Transform web application to professional CLI-based SIGMA rule generator 2025-07-21 13:11:03 -05:00

SIGMA CLI - CVE-SIGMA Auto Generator

A command-line interface for processing CVEs and generating SIGMA detection rules in a file-based directory structure.

Quick Start

# Make CLI executable
chmod +x cli/sigma_cli.py

# Initialize configuration
./cli/sigma_cli.py config-init

# Migrate data from existing database (if applicable)
./cli/sigma_cli.py migrate from-database

# Process CVEs for a specific year
./cli/sigma_cli.py process year 2024

# Generate rules for a specific CVE
./cli/sigma_cli.py generate cve CVE-2024-0001

# Search CVEs
./cli/sigma_cli.py search cve "buffer overflow"

# View statistics
./cli/sigma_cli.py stats overview

# Export rules
./cli/sigma_cli.py export sigma ./output/rules

Directory Structure

auto_sigma_rule_generator/
├── cves/
│   ├── 2024/
│   │   ├── CVE-2024-0001/
│   │   │   ├── metadata.json
│   │   │   ├── rule_template.sigma
│   │   │   ├── rule_llm_openai.sigma
│   │   │   └── poc_analysis.json
│   │   └── CVE-2024-0002/...
│   └── 2023/...
├── cli/
│   ├── sigma_cli.py (main CLI)
│   ├── commands/ (command modules)
│   └── config/ (CLI configuration)
└── reports/ (generated reports)

Available Commands

Process Commands

  • process year <year> - Process all CVEs for a year
  • process cve <cve-id> - Process specific CVE
  • process bulk - Bulk process multiple years
  • process incremental - Process recent changes

Generate Commands

  • generate cve <cve-id> - Generate rules for CVE
  • generate regenerate - Regenerate existing rules

Search Commands

  • search cve <pattern> - Search CVEs
  • search rules <pattern> - Search SIGMA rules

Statistics Commands

  • stats overview - General statistics
  • stats poc - PoC coverage statistics
  • stats rules - Rule generation statistics

Export Commands

  • export sigma <dir> - Export SIGMA rules
  • export metadata <file> - Export CVE metadata

Migration Commands

  • migrate from-database - Migrate from web app database
  • migrate validate - Validate migrated data

Configuration

Edit ~/.sigma-cli/config.yaml to configure API keys and settings:

api_keys:
  nvd_api_key: "your-nvd-key"
  github_token: "your-github-token"
  openai_api_key: "your-openai-key"
  anthropic_api_key: "your-anthropic-key"

llm_settings:
  default_provider: "ollama"
  default_model: "llama3.2"
  ollama_base_url: "http://localhost:11434"

processing:
  default_batch_size: 50
  default_methods: ["template"]

Installation

# Install dependencies
pip install -r cli/requirements.txt

# Or if you're in a virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r cli/requirements.txt

Examples

Migration from Web Application

# Migrate existing data
./cli/sigma_cli.py migrate from-database --database-url "postgresql://user:pass@localhost:5432/db"

# Validate migration
./cli/sigma_cli.py migrate validate

# Check migration statistics
./cli/sigma_cli.py stats overview

Processing CVEs

# Process a specific year with multiple methods
./cli/sigma_cli.py process year 2024 --method template --method llm

# Process a specific CVE with force regeneration
./cli/sigma_cli.py process cve CVE-2024-12345 --force

# Bulk process with specific batch size
./cli/sigma_cli.py process bulk --start-year 2020 --end-year 2024 --batch-size 100

Searching and Analysis

# Search for CVEs with specific patterns
./cli/sigma_cli.py search cve "remote code execution" --severity critical --has-poc

# Search SIGMA rules
./cli/sigma_cli.py search rules "powershell" --method llm

# Generate comprehensive statistics
./cli/sigma_cli.py stats overview --year 2024 --output ./reports/2024-stats.json

Exporting Data

# Export all SIGMA rules as YAML
./cli/sigma_cli.py export sigma ./output/sigma-rules --format yaml

# Export CVE metadata as CSV
./cli/sigma_cli.py export metadata ./reports/cve-data.csv --format csv

# Export specific year and method
./cli/sigma_cli.py export sigma ./output/2024-llm-rules --year 2024 --method llm

File Formats

metadata.json Structure

{
  "cve_info": {
    "cve_id": "CVE-2024-0001",
    "description": "...",
    "cvss_score": 9.8,
    "severity": "critical"
  },
  "poc_data": {
    "poc_count": 3,
    "poc_data": {...}
  },
  "rule_generation": {
    "template": {"generated_at": "..."},
    "llm_openai": {"generated_at": "..."}
  }
}
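Because every CVE lives in its own `cves/<year>/<CVE-ID>/` directory with a `metadata.json` in the shape shown above, the store can be audited without the CLI. The following is an added example (not code from the project): it checks each `metadata.json` for the three top-level sections, then computes the kind of PoC and rule coverage the `stats` commands report. The sample CVE records are constructed for illustration.

```python
# Added example (not project code): walk the README's cves/<year>/<CVE-ID>/ layout
# and summarise PoC and rule coverage from each metadata.json. Sample CVEs are constructed.
import json
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("cve_info", "poc_data", "rule_generation")

def load_metadata(path: Path) -> dict:
    """Parse one metadata.json and check the top-level keys the README lists."""
    data = json.loads(path.read_text(encoding="utf-8"))
    missing = [k for k in REQUIRED_KEYS if k not in data]
    if missing:
        raise ValueError(f"{path}: missing keys {missing}")
    return data

def coverage_stats(root: Path) -> dict:
    """Count CVEs, CVEs with PoCs, and generated rules per method under root."""
    stats = {"cves": 0, "with_poc": 0, "rules_by_method": {}}
    for meta_path in sorted(root.glob("cves/*/CVE-*/metadata.json")):
        meta = load_metadata(meta_path)
        stats["cves"] += 1
        if meta["poc_data"].get("poc_count", 0) > 0:
            stats["with_poc"] += 1
        for method in meta["rule_generation"]:
            stats["rules_by_method"][method] = stats["rules_by_method"].get(method, 0) + 1
    return stats

def build_sample_tree(root: Path) -> None:
    """Write constructed metadata.json files in the README's directory layout."""
    samples = {  # (year, cve_id): (cvss, severity, poc_count, methods)
        ("2024", "CVE-2024-0001"): (9.8, "critical", 3, ["template", "llm_openai"]),
        ("2024", "CVE-2024-0002"): (5.3, "medium", 0, ["template"]),
        ("2023", "CVE-2023-0001"): (7.5, "high", 1, []),
    }
    for (year, cve_id), (cvss, sev, pocs, methods) in samples.items():
        cve_dir = root / "cves" / year / cve_id
        cve_dir.mkdir(parents=True)
        meta = {
            "cve_info": {"cve_id": cve_id, "description": "constructed sample",
                         "cvss_score": cvss, "severity": sev},
            "poc_data": {"poc_count": pocs, "poc_data": {}},
            "rule_generation": {m: {"generated_at": "2025-01-01T00:00:00Z"} for m in methods},
        }
        (cve_dir / "metadata.json").write_text(json.dumps(meta, indent=2), encoding="utf-8")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:  # build and scan a throwaway tree
        build_sample_tree(Path(tmp))
        return coverage_stats(Path(tmp))
```

Point `coverage_stats` at a real `auto_sigma_rule_generator/` root to cross-check the CLI's `stats poc` and `stats rules` output against the files on disk.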

SIGMA Rule Files

  • rule_template.sigma - Template-based generation
  • rule_llm_openai.sigma - OpenAI LLM generation
  • rule_llm_anthropic.sigma - Anthropic LLM generation
  • rule_hybrid.sigma - Hybrid generation method

Development

The CLI is built using Click and follows a modular command structure:

  • sigma_cli.py - Main CLI entry point
  • commands/base_command.py - Base functionality
  • commands/process_commands.py - CVE processing
  • commands/migrate_commands.py - Database migration
  • commands/search_commands.py - Search functionality
  • commands/stats_commands.py - Statistics generation
  • commands/export_commands.py - Data export

Troubleshooting

Common Issues

  1. Import errors: Make sure you're running from the project root
  2. Permission errors: Ensure directories are writable
  3. Database connection: Check DATABASE_URL environment variable
  4. API limits: Configure API keys for higher rate limits

Debug Mode

# Enable verbose logging
./cli/sigma_cli.py --verbose <command>

# Check configuration
./cli/sigma_cli.py config-init