Support UI and API for vulnerability scanner rules

[ziadhany]

We need to present vulnerability scanner rules in our UI and API

[ziadhany]

For the API, we can have a separate endpoint for rules, and we can filter by rule_type , advisory_avid or rule_text contain.

• http://localhost:8000/api/v3/detection-rules

{
    "count": 13,
    "next": "http://localhost:8000/api/v3/detection-rules?page=2",
    "previous": null,
    "results": [
        {
            "rule_type": "sigma",
            "source_url": "https://raw.githubusercontent.com/SigmaHQ/sigma/refs/heads/master/rules-emerging-threats/2023/Exploits/CVE-2023-25157/web_cve_2023_25157_geoserver_sql_injection.yml",
            "rule_metadata": {
                "id": "c0341543-5ed0-4475-aabc-7eea8c52aa66",
                "date": "2023-06-14",
                "title": "Potential CVE-2023-25157 Exploitation Attempt",
                "author": "Nasreddine Bencherchali (Nextron Systems)",
                "status": "test"
            },
            "rule_text": "title: Potential CVE-2023-25157 Exploitation Attempt\nid: c0341543-5ed0-4475-aabc-7eea8c52aa66\nstatus: test\ndescription: Detects a potential exploitation attempt of CVE-2023-25157 a SQL injection in GeoServer\nreferences:\n    - [https://github.com/win3zz/CVE-2023-25157\n](https://github.com/win3zz/CVE-2023-25157%5Cn)    - [https://twitter.com/parzel2/status/1665726454489915395\n](https://twitter.com/parzel2/status/1665726454489915395%5Cn)    - [https://github.com/advisories/GHSA-7g5f-wrx8-5ccf\nauthor](https://github.com/advisories/GHSA-7g5f-wrx8-5ccf%5Cnauthor): Nasreddine Bencherchali (Nextron Systems)\ndate: 2023-06-14\ntags:\n    - attack.initial-access\n    - cve.2023-25157\n    - detection.emerging-threats\nlogsource:\n    category: webserver\ndetection:\n    selection_url:\n        cs-method: 'GET'\n        cs-uri-query|contains|all:\n            - '/geoserver/ows'\n            - 'CQL_FILTER='\n        cs-uri-query|contains:\n            # Abusable Filters/Function as reported in the Advisory\n            - 'PropertyIsLike'\n            - 'strEndsWith'\n            - 'strStartsWith'\n            - 'FeatureId'\n            - 'jsonArrayContains'\n            - 'DWithin'\n    selection_payload:\n        cs-uri-query|contains:\n            - '+--'\n            - '+AS+'\n            - '+OR+'\n            - 'FROM'\n            - 'ORDER+BY'\n            - 'SELECT'\n            - 'sleep%28'\n            - 'substring%28'\n            - 'UNION'\n            - 'WHERE'\n    condition: all of selection_*\nfalsepositives:\n    - Vulnerability scanners\nlevel: high\n",
            "advisory_avid": [
                "epss_importer_v2/CVE-2023-25157"
            ]
        }]
}

For the UI, I think the rules should have a separate URL : http://localhost:8000/rules/search/