Moved YAML parsing in SigmaParser class

tools/sigma.py

@@ -0,0 +1,9 @@
+# Sigma parser
+
+import yaml
+import re
+
+class SigmaParser:
+    def __init__(self, sigma):
+        self.parsedyaml = yaml.safe_load(sigma)
+

tools/sigmac.py

@@ -5,6 +5,7 @@ import sys
 import argparse
 import yaml
 import json
+from sigma import SigmaParser
 import backends
 
 def print_verbose(*args, **kwargs):
@@ -19,6 +20,7 @@ argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM s
 argparser.add_argument("--recurse", "-r", help="Recurse into subdirectories")
 argparser.add_argument("--target", "-t", default="null", choices=backends.getBackendDict().keys(), help="Output target format")
 argparser.add_argument("--target-list", "-l", action="store_true", help="List available output target formats")
+argparser.add_argument("--fieldmapping", "-f", help="File with mappings between generic Sigma field names and configured field names (format: sigma_field: field1, field2, ...)")
 argparser.add_argument("--output", "-o", help="Output file or filename prefix if multiple files are generated")
 argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose")
 argparser.add_argument("--debug", "-d", action="store_true", help="Debugging output")
@@ -34,8 +36,8 @@ for sigmafile in cmdargs.inputs:
     print_verbose("Processing Sigma input %s" % (sigmafile))
     try:
         f = open(sigmafile)
-        parsedyaml = yaml.safe_load(f)
-        print_debug(json.dumps(parsedyaml, indent=2))
+        parser = SigmaParser(f)
+        print_debug(json.dumps(parser.parsedyaml, indent=2))
     except OSError as e:
         print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)))
     except yaml.parser.ParserError as e: