shows new highlighted fields from imported sysmon

Infinit3i · Infinit3i · commit d2a3bb7ebd43 · 2026-03-08T21:18:13.000-04:00
diff --git a/gui/rule_editor.py b/gui/rule_editor.py
@@ -7,8 +7,10 @@
     QLineEdit,
     QPushButton,
     QListWidget,
+    QListWidgetItem,
 )
 from models.sysmon_config import RuleFilter, SysmonConfig
+from PySide6.QtGui import QColor
 
 
 class RuleEditor(QWidget):
@@ -113,7 +115,12 @@ def refresh_rules(self) -> None:
                     f"{rule.condition} | "
                     f"{rule.value}"
                 )
-                self.rule_list.addItem(rule_text)
+                item = QListWidgetItem(rule_text)
+
+                if not rule.imported:
+                    item.setBackground(QColor("#ffe6cc"))  # light orange
+
+                self.rule_list.addItem(item)
                 self.displayed_rules.append((event_id, rule_index))
 
     def add_rule(self) -> None:
diff --git a/importers/xml_importer.py b/importers/xml_importer.py
@@ -31,6 +31,7 @@ def extract_rules_from_node(
                 field_name=field_name,
                 condition=condition,
                 value=value,
+                imported=True,
             )
         )
 
diff --git a/models/sysmon_config.py b/models/sysmon_config.py
@@ -8,6 +8,7 @@ class RuleFilter:
     field_name: str
     condition: str
     value: str
+    imported: bool = False
 
 
 @dataclass
