Adding support for reading sigma rule from stdin in sigmac

tools/sigmac

@@ -54,6 +54,9 @@ def alliter(path):
             yield sub
 
 def get_inputs(paths, recursive):
+    if paths == ['-']:
+        return [sys.stdin]
+
     if recursive:
         return list(itertools.chain.from_iterable([list(alliter(pathlib.Path(p))) for p in paths]))
     else:
@@ -91,7 +94,7 @@ argparser.add_argument("--defer-abort", "-d", action="store_true", help="Don't a
 argparser.add_argument("--ignore-backend-errors", "-I", action="store_true", help="Only return error codes for parse errors and ignore errors for rules that cause backend errors. Useful, when you want to get as much queries as possible.")
 argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose")
 argparser.add_argument("--debug", "-D", action="store_true", help="Debugging output")
-argparser.add_argument("inputs", nargs="*", help="Sigma input files")
+argparser.add_argument("inputs", nargs="*", help="Sigma input files ('-' for stdin)")
 cmdargs = argparser.parse_args()
 
 if cmdargs.debug:
@@ -146,7 +149,10 @@ error = 0
 for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse):
     print_verbose("* Processing Sigma input %s" % (sigmafile))
     try:
-        f = sigmafile.open(encoding='utf-8')
+        if cmdargs.inputs == ['-']:
+            f = sigmafile
+        else:
+            f = sigmafile.open(encoding='utf-8')
         parser = SigmaCollectionParser(f, sigmaconfig, rulefilter)
         results = parser.generate(backend)
         for result in results: