security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New message as requested.\n Only displayed on full help and when no arguments is passed

Browse Source
This commit is contained in:
David ANDRE
2022-09-09 12:24:30 +02:00
parent 5b853611fe
commit 6b9470f8e4
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/sigma/sigmac.py
+8 -5
View File
@@ -1,7 +1,6 @@
#!/usr/bin/env python3
# A Sigma to SIEM converter
# Copyright 2016-2017 Thomas Patzke, Florian Roth
import os
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
@@ -65,6 +64,12 @@ ERR_FULL_FIELD_MATCH = 90
# Allowed fields in output
allowed_fields = ["title", "id", "status", "description", "author", "references", "fields", "falsepositives", "level", "tags", "filename"]
deprecation_warning_message = colored("Sigmac will be deprecated by the end of 2022",
"red") + " in favour of sigma-cli and pySigma. Please " + colored("stop contributing backends", "red") + \
" to this tool. Limited support is offered until the end of 2023, " \
"especially for backends that haven't been migrated yet.\n "
def alliter(path):
for sub in path.iterdir():
if sub.name.startswith("."):
@@ -97,7 +102,7 @@ class ActionBackendHelp(argparse.Action):
def set_argparser():
"""Sets up and parses the command line arguments for Sigmac.
Returns the argparser"""
argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM signatures.")
argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM signatures.\n" + deprecation_warning_message, formatter_class=argparse.RawTextHelpFormatter)
argparser.add_argument("--recurse", "-r", action="store_true", help="Use directory as input (recurse into subdirectories is not implemented yet)")
argparser.add_argument("--filter", "-f", help="""
Define comma-separated filters that must match (AND-linked) to rule to be processed.
@@ -183,9 +188,6 @@ def main():
cmdargs = argparser.parse_args()
scm = SigmaConfigurationManager()
print(colored("!!! WARNING", "red"), "sigmac is deprecated in favor of", colored("sigma-cli", "green"), "using", colored("pySigma", "green"), ". Please stop contributing backends to this tool, it will be removed in 2023.")
print()
logger = logging.getLogger(__name__)
if cmdargs.debug: # pragma: no cover
logging.basicConfig(filename='sigmac.log', filemode='w', level=logging.DEBUG)
@@ -205,6 +207,7 @@ def main():
sys.exit(0)
elif len(cmdargs.inputs) == 0:
print("Nothing to do!")
print(deprecation_warning_message)
argparser.print_usage()
sys.exit(0)