added manual entry option

adonm · Mar 17, 2024 · 8b17a99 · 8b17a99
1 parent 0872cd4
commit 8b17a99
Showing 1 changed file with 32 additions and 28 deletions.
diff --git a/apps/sigmatron.py b/apps/sigmatron.py
@@ -1,6 +1,6 @@
 import streamlit as st
 import pandas as pd
-import yaml
+import yaml, time
 from pyodide.http import pyfetch
 from pathlib import Path
 from sigma.rule import SigmaRule
@@ -15,6 +15,8 @@
 st.markdown("[stlite-apps main index](../)")
 st.markdown("## Utility to find and view sigma rules with conversions")
 
+manual_entry = st.toggle('Enter yaml manually')
+sigma_yaml = False
 
 @st.cache_data
 def load_rules(path = Path("sigma")):
@@ -45,31 +47,34 @@ def load_rules(path = Path("sigma")):
 
     return sigma_rules
 
-all_rules = load_rules()
-filters = {}
-
-with st.sidebar:
-    st.markdown("## Filters")
-    defaults = {
-        "product": "windows",
-        "category": "process_creation"
-    }
-    for name in ["tags", "product", "category", "service"]:
-        options = sorted(set().union(*(r[name] for r in all_rules)))
-        filters[name] = st.multiselect(f"{name.title()} ({len(options)} total)", options, default = defaults.get(name, []))
-
-def filter_rules(seq):
-    for rule in seq:
-        for name, option in filters.items():
-            # if a multiselect set, and any of its items in the yaml rule, return
-            if option and not set(option).intersection(set(rule[name])):
-                break
-        else:
-            yield rule
-
-rules = sorted(filter_rules(all_rules), key=lambda r: r["title"])
+if not manual_entry:
+    all_rules = load_rules()
+    filters = {}
+    with st.sidebar:
+        st.markdown("## Filters")
+        defaults = {
+            "product": "windows",
+            "category": "process_creation"
+        }
+        for name in ["tags", "product", "category", "service"]:
+            options = sorted(set().union(*(r[name] for r in all_rules)))
+            filters[name] = st.multiselect(f"{name.title()} ({len(options)} total)", options, default = defaults.get(name, []))
 
-rule = st.selectbox(f"Sigma Rule ({len(rules)} total) to display", rules, format_func=lambda r: r["title"])
+    def filter_rules(seq):
+        for rule in seq:
+            for name, option in filters.items():
+                # if a multiselect set, and any of its items in the yaml rule, return
+                if option and not set(option).intersection(set(rule[name])):
+                    break
+            else:
+                yield rule
+
+    rules = sorted(filter_rules(all_rules), key=lambda r: r["title"])
+
+    rule = st.selectbox(f"Sigma Rule ({len(rules)} total) to display", rules, format_func=lambda r: r["title"])
+    sigma_yaml = rule["path"].read_text()
+else:
+    sigma_yaml = st.text_area("YAML to convert")
 
 with st.sidebar:
     # Create backend, which automatically adds the pipeline
@@ -78,15 +83,14 @@ def filter_rules(seq):
     backend, lang = st.selectbox(f"Sigma Backend ({len(backends)} total)", backends, format_func=lambda b: f"{b[0].name} ({b[1]})")
 
 # Convert the rule
-if rule:
-    sigma_yaml = rule["path"].read_text()
+if sigma_yaml:
     sigma_rule = SigmaRule.from_yaml(sigma_yaml)
     try:
         converted = backend.convert_rule(sigma_rule)[0]
     except Exception as e:
         converted = str(e)
 else:
-    sigma_yaml = converted = "No rule selected..."
+    sigma_yaml = converted = "Nothing to convert..."
 
 # Display the conversion
 st.markdown(f"""