package main
import (
"bufio"
"encoding/json"
"flag"
"log"
"os"
"strings"
"github.com/AnthonyAspen/go-sigma-rule-engine"
"github.com/markuskont/datamodels"
)
// flagRuleSetPath holds the value of -path-ruleset: the root folder(s) that
// are searched for Sigma rules. Several roots are separated by ';'.
var flagRuleSetPath = flag.String("path-ruleset", "", "Root folders for Sigma rules. Semicolon delimits paths.")
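// main reads newline-delimited JSON events from stdin, evaluates each event
// against the Sigma ruleset loaded from -path-ruleset, and writes every event
// that matched at least one rule back to stdout as a single JSON line with the
// matches attached under the "sigma_results" key.
//
// The process exits with a non-zero status when -path-ruleset is empty, the
// ruleset cannot be loaded, stdout cannot be written, or stdin stops with a
// read error. A single event that cannot be decoded or re-encoded is logged
// and skipped so one malformed line does not stop the whole stream.
func main() {
	flag.Parse()
	if *flagRuleSetPath == "" {
		log.Fatal("ruleset path not configured")
	}
	ruleset, err := sigma.NewRuleset(sigma.Config{
		Directory: strings.Split(*flagRuleSetPath, ";"),
	})
	if err != nil {
		log.Fatal(err)
	}

	// Upper bound for one input line. bufio.Scanner's default limit is
	// bufio.MaxScanTokenSize (64 KiB); a longer line makes Scan() return
	// false, which previously ended processing silently. Raise the limit so
	// large events are still evaluated, and report the error below if it is
	// exceeded anyway.
	const maxEventBytes = 1 << 20

	// os.Stdin is wrapped by the Scanner itself; no extra bufio.Reader needed.
	scanner := bufio.NewScanner(os.Stdin)
	scanner.Buffer(make([]byte, 0, bufio.MaxScanTokenSize), maxEventBytes)
	output := os.Stdout

	for scanner.Scan() {
		var obj datamodels.Map
		if err := json.Unmarshal(scanner.Bytes(), &obj); err != nil {
			log.Println(err)
			continue
		}
		results, ok := ruleset.EvalAll(obj)
		if !ok || len(results) == 0 {
			// No rule matched: the event is dropped, not echoed.
			continue
		}
		obj["sigma_results"] = results
		encoded, err := json.Marshal(obj)
		if err != nil {
			log.Println(err)
			continue
		}
		// Each match is written unbuffered, one line at a time, so a consumer
		// on the other end of the pipe sees it immediately. A write error
		// (closed pipe, full disk) cannot be recovered per event, so stop.
		if _, err := output.Write(append(encoded, '\n')); err != nil {
			log.Fatal(err)
		}
	}
	// Scan() returns false on both EOF and error; only the error case is
	// reported here (e.g. a line longer than maxEventBytes, or a read
	// failure on stdin).
	if err := scanner.Err(); err != nil {
		log.Fatal(err)
	}
}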