codeyourweb
diff --git a/‎docker-compose.yml‎
Lines changed: 1 addition & 0 deletions b/‎docker-compose.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sentinel-kit_server_backend/src/Command/ElastalertClearCommand.php‎
Lines changed: 82 additions & 0 deletions b/‎sentinel-kit_server_backend/src/Command/ElastalertClearCommand.php‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎sentinel-kit_server_backend/src/Command/ElastalertSyncCommand.php‎
Lines changed: 72 additions & 0 deletions b/‎sentinel-kit_server_backend/src/Command/ElastalertSyncCommand.php‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎sentinel-kit_server_backend/src/Command/SigmaRulesClearCommand.php‎
Lines changed: 80 additions & 0 deletions b/‎sentinel-kit_server_backend/src/Command/SigmaRulesClearCommand.php‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎sentinel-kit_server_backend/src/Command/SigmaRulesLoadCommand.php‎
Lines changed: 30 additions & 10 deletions b/‎sentinel-kit_server_backend/src/Command/SigmaRulesLoadCommand.php‎
Lines changed: 30 additions & 10 deletions
@@ -88,6 +88,7 @@ services:
       - ELASTALERT_MODE=daemon
     volumes:
       - ./data/rulesets/sigma_ruleset:/app/sigma_ruleset:ro
+      - ./config/elastalert/defaults.yml:/app/defaults.yml:ro
       - ./config/elastalert/elastalert_config.yml:/app/elastalert_config.yml:ro
       - ./config/elastalert_ruleset:/app/elastalert_ruleset
       - sentinel-kit_certificates_elasticsearch:/app/certs:ro
 
@@ -0,0 +1,82 @@
+<?php
+
+namespace App\Command;
+
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use Doctrine\ORM\EntityManagerInterface;
+use App\Entity\SigmaRule;
+
+#[AsCommand(
+    name: 'app:elastalert:clear',
+    description: 'Clear all Elastalert rules from the backend application',
+)]
+class ElastalertClearCommand extends Command
+{
+
+    private EntityManagerInterface $entityManager;
+
+    public function __construct(EntityManagerInterface $entityManager)
+    {
+        parent::__construct();
+        $this->entityManager = $entityManager;
+    }
+
+    protected function configure(): void
+    {
+        $this->addOption(
+            'force',
+            'f',
+            InputOption::VALUE_NONE,
+            'Force deletion without confirmation'
+        );
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+        $force = $input->getOption('force');
+
+        $elastalertDir = '/detection-rules/elastalert';
+        $files = glob($elastalertDir . '/*.yml');
+        $fileCount = count($files);
+
+        if (!$force) {
+            $io->warning([
+                'This command clears ALL ElastAlert rules and should ONLY be used for debugging purposes!',
+                "ElastAlert files to be deleted: $fileCount",
+                'This operation will disrupt active monitoring and alerting.',
+                'Use this command only in development or debugging scenarios.'
+            ]);
+
+            if (!$io->confirm('Are you sure you want to proceed with clearing all ElastAlert rules?', false)) {
+                $io->text('Operation cancelled.');
+                return Command::SUCCESS;
+            }
+        }
+
+        $this->clearElastalertDirectory();
+
+        $rules = $this->entityManager->getRepository(SigmaRule::class)->findAll();
+        foreach ($rules as $rule) {
+            $this->entityManager->remove($rule);
+        }
+        $this->entityManager->flush();
+
+        $io->success("$fileCount ElastAlert rules have been cleared successfully.");
+        return Command::SUCCESS;
+    }
+
+    private function clearElastalertDirectory(): void
+    {
+        $elastalertDir = '/detection-rules/elastalert';
+        $files = glob($elastalertDir . '/*.yml');
+        foreach ($files as $file) {
+            unlink($file);
+        }
+    }
+}
@@ -0,0 +1,72 @@
+<?php
+
+namespace App\Command;
+
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use Doctrine\ORM\EntityManagerInterface;
+use App\Service\ElastalertRuleValidator;
+use App\Entity\SigmaRule;
+
+#[AsCommand(
+    name: 'app:elastalert:sync',
+    description: 'Synchronize Elastalert rules from enabled sigma rules',
+)]
+class ElastalertSyncCommand extends Command
+{
+
+    private EntityManagerInterface $entityManager;
+    private ElastalertRuleValidator $elastalertValidator;
+
+    public function __construct(EntityManagerInterface $entityManager, ElastalertRuleValidator $elastalertValidator)
+    {
+        parent::__construct();
+        $this->entityManager = $entityManager;
+        $this->elastalertValidator = $elastalertValidator;
+    }
+
+    protected function configure(): void
+    {
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $this->clearElastalertDirectory();
+
+        $rules = $this->entityManager->getRepository(SigmaRule::class)->findBy(['active' => true]);
+        foreach ($rules as $rule) {
+            $e = $this->elastalertValidator->createElastalertRule($rule->getRuleLatestVersion());
+            if (isset($e['error'])) {
+                $io->error('Failed to create Elastalert rule for Sigma rule "' . $rule->getTitle() . '": ' . $e['error']);
+                $rule->setActive(false);
+                $this->entityManager->persist($rule);
+            } else {
+                $io->writeln('Elastalert rule created for Sigma rule "' . $rule->getTitle() . '" at ' . $e['filePath']);
+            }
+        }
+
+        try{
+            $this->entityManager->flush();
+        } catch (\Exception $e) {
+            $io->error('Failed to flush changes to database: ' . $e->getMessage());
+            $this->clearElastalertDirectory();
+            return Command::FAILURE;
+        }
+
+        return Command::SUCCESS;
+    }
+
+    private function clearElastalertDirectory(): void
+    {
+        $elastalertDir = '/detection-rules/elastalert';
+        $files = glob($elastalertDir . '/*.yml');
+        foreach ($files as $file) {
+            unlink($file);
+        }
+    }
+}
@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Command;
+
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use Doctrine\ORM\EntityManagerInterface;
+use App\Entity\SigmaRule;
+use Symfony\Component\Console\Input\ArrayInput;
+
+#[AsCommand(
+    name: 'app:sigma:clear',
+    description: 'Clear all Sigma rules from the backend application',
+)]
+class SigmaRulesClearCommand extends Command
+{
+
+    private EntityManagerInterface $entityManager;
+
+    public function __construct(EntityManagerInterface $entityManager)
+    {
+        parent::__construct();
+        $this->entityManager = $entityManager;
+    }
+
+    protected function configure(): void
+    {
+        $this->addOption(
+            'force',
+            'f',
+            InputOption::VALUE_NONE,
+            'Force deletion without confirmation'
+        );
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+        $force = $input->getOption('force');
+
+        $rules = $this->entityManager->getRepository(SigmaRule::class)->findAll();
+        $ruleCount = count($rules);
+
+        if ($ruleCount === 0) {
+            $io->info('No Sigma rules found to clear.');
+            return Command::SUCCESS;
+        }
+
+        $io->warning([
+            'This operation will permanently delete ALL Sigma rules!',
+            "Total rules to be deleted: $ruleCount",
+            'This action is irreversible.'
+        ]);
+
+        if (!$force) {
+            if (!$io->confirm('Are you sure you want to proceed?', false)) {
+                $io->text('Operation cancelled.');
+                return Command::SUCCESS;
+            }
+        }
+
+        $syncCommand = $this->getApplication()->find('app:elastalert:clear');
+        $syncInput = new ArrayInput(['--force' => true]);
+        $syncCommand->run($syncInput, $output);
+        
+
+        foreach ($rules as $rule) {
+            $this->entityManager->remove($rule);
+        }
+
+        $this->entityManager->flush();
+
+        $io->success("$ruleCount Sigma rules have been cleared successfully.");
+        return Command::SUCCESS;
+    }
+}
@@ -5,6 +5,7 @@
 use Symfony\Component\Console\Attribute\AsCommand;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\ArrayInput;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
 use Doctrine\ORM\EntityManagerInterface;
@@ -14,6 +15,7 @@
 use App\Entity\SigmaRule;
 use App\Entity\SigmaRuleVersion;
 use App\Service\SigmaRuleValidator;
+use Symfony\Component\Console\Input\InputOption;
 
 #[AsCommand(
     name: 'app:sigma:load-rules',
@@ -33,11 +35,18 @@ public function __construct(EntityManagerInterface $entityManager, SigmaRuleVali
 
     protected function configure(): void
     {
+        $this->addOption(
+            'auto-enable',
+            null,
+            InputOption::VALUE_NONE,
+            'Automatically enable imported rules'
+        );
     }
 
     protected function execute(InputInterface $input, OutputInterface $output): int
     {
         $io = new SymfonyStyle($input, $output);
+        $autoEnable = $input->getOption('auto-enable');
 
         $directory = '/detection-rules/sigma';
 
@@ -105,10 +114,8 @@ protected function execute(InputInterface $input, OutputInterface $output): int
                     $errorCount++;
                     continue;
                 }
-
-                $finalYamlData = $validationResult['yamlData'];
 
-                $this->storeSigmaRule($completedContent, $finalYamlData, $filename, $relativePath, $io);
+                $this->storeSigmaRule(Yaml::dump($validationResult['yamlData']), $validationResult['yamlData'], $filename, $relativePath, $autoEnable, $io);
                 $processedCount++;
             } catch (ParseException $e) {
                 $io->error("YAML parse error in file " . $relativePath . ": " . $e->getMessage());
@@ -130,13 +137,27 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         $io->text("Total files processed: $processedCount");
         if ($errorCount > 0) {
             $io->text("Files with errors: $errorCount");
-            return Command::FAILURE;
-        } else {
-            $io->success("Sigma rules loaded successfully.");
         }
 
+        if ($processedCount > 0) {
+            $io->success("$processedCount Sigma rules loaded successfully.");
+            
+            $io->text("Synchronizing Elastalert rules...");
+            $syncCommand = $this->getApplication()->find('app:elastalert:sync');
+            $syncInput = new ArrayInput([]);
+            $syncReturnCode = $syncCommand->run($syncInput, $output);
+            
+            if ($syncReturnCode === Command::SUCCESS) {
+                $io->success("Elastalert synchronization completed successfully.");
+            } else {
+                $io->warning("Elastalert synchronization failed, but Sigma rules were imported successfully.");
+            }
+            
+            return ($errorCount > 0) ? Command::FAILURE : Command::SUCCESS;
+        }
 
-        return Command::SUCCESS;
+        $io->error("No rules were successfully imported.");
+        return Command::FAILURE;
     }
 
     /**
@@ -161,21 +182,20 @@ private function findYamlFiles(string $directory): array
     /**
      * Store Sigma Rule and its version into the database
      */
-    private function storeSigmaRule(string $content, array $yamlData, string $filename, string $filePath, SymfonyStyle $io): void
+    private function storeSigmaRule(string $content, array $yamlData, string $filename, string $filePath, bool $autoEnable, SymfonyStyle $io): void
     {
 
         $rule = new SigmaRule();
         $rule->setTitle($yamlData['title']);
         $rule->setDescription($yamlData['description']);
         $rule->setFilename($filename);
-        $rule->setActive(false);
+        $rule->setActive($autoEnable);
 
         $ruleVersion = new SigmaRuleVersion();
         $ruleVersion->setContent($content);
         $ruleVersion->setLevel($yamlData['level']);
         $rule->addVersion($ruleVersion);
 
-
         $r = $this->entityManager->GetRepository(SigmaRule::class)->findOneBy(['title' => $yamlData['title']]);
         if ($r) {
             $io->warning(sprintf('Rule with title "%s" already exists in database', $yamlData['title']));