Adding SIEM CONVERTER

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @GitHub-Octernships/program-manager

.github/workflows/auto-close-pr.yaml

@@ -0,0 +1,61 @@
+name: Auto Close PRs
+
+permissions:
+  contents: write
+  pull-requests: write 
+  issues: write
+
+# on:
+#   pull_request_target:
+#     types: [opened, reopened]
+
+jobs:
+  check_pr:
+    name: Check PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check if student
+        id: check_student
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            try {
+              const response = await github.rest.orgs.checkMembershipForUser({
+                org: `github-octernships`,
+                username: context.payload.pull_request.user.login
+              });
+
+              if (response.status === 204) {
+                return true;
+              } else {
+                return false;
+              }
+            } catch (error) {
+              console.log(error);
+              return 'false';
+            }
+
+      - name: Close PR
+        id: close_pr
+        if: ${{ steps.check_student.outputs.result == 'false' }}
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const body = `This pull request is being automatically closed because we do not accept external contributions to this repository. 
+            Please apply to GitHub Octernships via the [offical page](https://education.github.com/students/octernships)`;
+
+            await github.rest.issues.createComment({
+              ...context.repo,
+              issue_number: context.issue.number,
+              body: body
+            });
+
+            await github.rest.pulls.update({
+              ...context.repo,
+              pull_number: context.payload.pull_request.number,
+              state: 'closed'
+            });

backend/.gitignore

@@ -0,0 +1,2 @@
+env
+__pycache__

backend/Dockerfile

@@ -0,0 +1,13 @@
+FROM python:3.11
+
+WORKDIR /app
+
+COPY requirements.txt .
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8000
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

backend/README.md

@@ -0,0 +1,23 @@
+# SigTrans
+
+## Backend
+
+### Project setup
+
+### Installation
+
+#### Local Setup
+
+```bash
+1. python -m venv venv
+2. source venv/bin/activate for linux || venv\Scripts\activate for windows
+3. pip install -r requirements.txt
+4. uvicorn main:app --reload
+```
+
+#### Docker Setup
+
+```bash
+1. docker build -t backend .
+2. docker run -p 8000:8000 backend
+```

backend/main.py

@@ -0,0 +1,109 @@
+import base64 # for decoding the rule
+import json
+import yaml
+
+# from typing import Union
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+# from sigma.conversion.base import Backend
+from sigma.plugins import InstalledSigmaPlugins
+from sigma.collection import SigmaCollection
+from sigma.exceptions import SigmaError
+from sigma.conversion.base import Backend
+from pydantic import BaseModel
+
+# initialize the FastAPI app
+app = FastAPI()
+
+plugins = InstalledSigmaPlugins.autodiscover()
+backends = plugins.backends
+pipeline_resolver = plugins.get_pipeline_resolver()
+pipelines = list(pipeline_resolver.list_pipelines())
+
+# writing a class for the request body
+class Item(BaseModel):
+    """A Sigma rule."""
+    rule: str
+    pipeline: list
+    target: str
+    format: str
+
+# Configure CORS settings
+origins = [
+    "*"
+]
+
+# Adding CORS middleware rules
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+def serialize_class(obj):
+    """ Serializes a class to JSON."""
+    return obj.__name__
+
+@app.get("/")
+def read_root():
+    """ Returns a list of all available backends, pipelines and formats. """
+    # create a set called formats
+    formats = []
+    pipeline_list = []
+
+    for backend in backends.keys():
+        for name, description in plugins.backends[backend].formats.items():
+            formats.append({"name": name, "backends": backend})
+
+    for name, pipeline in pipelines:
+        if len(pipeline.allowed_backends) > 0:
+            pipeline.backends = ", ".join(pipeline.allowed_backends)
+            pipeline_list.append({"name":name, "backends":pipeline.backends})
+        else:
+            pipeline.backends = "all"
+            pipeline_list.append({"name":name, "backends":pipeline.backends})
+
+    json_string = json.dumps(backends,default=serialize_class)
+    json_pipeline = json.dumps(pipeline_list)
+    formats = json.dumps(formats)
+    return {"backends":json_string,"pipelines":json_pipeline,"formats":formats}
+
+@app.post("/sigma")
+def convert(request: Item):
+    """ Converts a Sigma rule to a backend format. """
+    # get rule from the request
+    rule = str(base64.b64decode(request.rule).decode("utf-8"))
+
+    try:
+        yaml.safe_load(rule)
+    except Exception:
+        return {"error":"invalid rule"}
+
+    pipeline = []
+
+    if request.pipeline:
+        for p in request.pipeline:
+            pipeline.append(p)
+    # print(pipeline)            
+    target = request.target
+    formats = request.format
+
+    backend_class = backends[target]
+    try:
+        processing_pipeline = pipeline_resolver.resolve(pipeline)
+        backend : Backend = backend_class(processing_pipeline=processing_pipeline)
+    except Exception:
+        return "Error: Pipeline not found"
+
+    try:
+        sigma_rule = SigmaCollection.from_yaml(rule)
+        result = backend.convert(sigma_rule, formats)
+        if isinstance(result, str):
+            result = result[0]
+    except SigmaError as e:
+        return "Error: " + str(e)
+    return result
+

docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3.9'
+
+services:
+
+  web:
+    build: cd frontend && docker build -t frontend .
+    image: frontend
+    ports:
+      - "5173:5173"
+
+  api:
+    build: cd backend && docker build -t backend .
+    image: backend
+    ports:
+      - "8000:8000"

frontend/.eslintrc.cjs

@@ -0,0 +1,18 @@
+module.exports = {
+  root: true,
+  env: { browser: true, es2020: true },
+  extends: [
+    'eslint:recommended',
+    'plugin:@typescript-eslint/recommended',
+    'plugin:react-hooks/recommended',
+  ],
+  ignorePatterns: ['dist', '.eslintrc.cjs'],
+  parser: '@typescript-eslint/parser',
+  plugins: ['react-refresh'],
+  rules: {
+    'react-refresh/only-export-components': [
+      'warn',
+      { allowConstantExport: true },
+    ],
+  },
+}

frontend/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

frontend/Dockerfile

@@ -0,0 +1,20 @@
+# base image
+FROM node:alpine
+
+# set working directory
+WORKDIR /app
+
+# copy package.json to working directory
+COPY package*.json ./
+
+# install dependencies
+RUN npm install
+
+# copy everything to working directory
+COPY . .
+
+# expose port
+EXPOSE 5173
+
+# start app
+CMD ["npm", "run", "dev"]

frontend/README.md

@@ -0,0 +1,21 @@
+# SigTrans
+
+## Frontend
+
+### Project setup
+
+### Installation
+
+#### Local Setup
+
+```bash
+1. npm install
+2. npm run dev
+```
+
+#### Docker Setup
+
+```bash
+1. docker build -t frontend .
+2. docker run -p 5173:5173 frontend
+```

frontend/components.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "default",
+  "rsc": false,
+  "tsx": true,
+  "tailwind": {
+    "config": "tailwind.config.js",
+    "css": "src/index.css",
+    "baseColor": "slate",
+    "cssVariables": true
+  },
+  "aliases": {
+    "components": "@/components",
+    "utils": "@/lib/utils"
+  }
+}

frontend/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/translate.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>SigTrans</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>