Filter STAR rules to Library only (creator @sentinelone.com)

load-star-rules now defaults to library_only=true, filtering rules where
the creator email ends in @sentinelone.com. Custom tenant rules are excluded
by default. Pass ?library_only=false to load all rules.
Button label updated to "Load Library STAR Rules" to make intent clear.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/routers/coverage.py

@@ -40,13 +40,19 @@ def _star_query_texts(rule: dict) -> list[str]:
 
 
 @router.post("/load-star-rules")
-async def load_star_rules(db: Session = Depends(get_db)):
+async def load_star_rules(library_only: bool = True, db: Session = Depends(get_db)):
-    """Fetch STAR rules from SentinelOne and index their fields."""
+    """Fetch STAR rules from SentinelOne and index their fields.
+    By default loads only Library rules (creator @sentinelone.com).
+    Pass library_only=false to include custom tenant rules as well.
+    """
     try:
         rules = await s1_client.get_star_rules()
     except Exception as e:
         raise HTTPException(502, f"S1 API error: {e}")
 
+    if library_only:
+        rules = [r for r in rules if str(r.get("creator", "")).lower().endswith("@sentinelone.com")]
+
     # Replace all existing STAR rules cleanly to avoid duplicate key errors
     db.query(ParsedRule).filter_by(rule_type="star").delete()
     db.flush()

frontend/index.html

@@ -151,7 +151,7 @@ function renderCoverage() {
       </div>
       <div class="flex gap-2 flex-wrap justify-end">
         <button id="btn-sync" onclick="cvSyncSources()" class="px-3 py-1.5 text-sm bg-blue-700 hover:bg-blue-600 rounded-lg text-white">Sync Live Sources</button>
-        <button id="btn-star" onclick="loadStar()" class="px-3 py-1.5 text-sm bg-purple-700 hover:bg-purple-600 rounded-lg text-white">Load STAR Rules</button>
+        <button id="btn-star" onclick="loadStar()" class="px-3 py-1.5 text-sm bg-purple-700 hover:bg-purple-600 rounded-lg text-white">Load Library STAR Rules</button>
         <button id="btn-sdl-parsers" onclick="loadSDLParsers()" class="px-3 py-1.5 text-sm bg-purple-700 hover:bg-purple-600 rounded-lg text-white">Load SDL Parsers</button>
         <button onclick="document.getElementById('f-parser').click()" class="px-3 py-1.5 text-sm bg-gray-700 hover:bg-gray-600 rounded-lg text-white">Upload Parser</button>
         <button onclick="cvReset()" class="px-3 py-1.5 text-sm bg-red-900/60 hover:bg-red-800 rounded-lg text-red-300">Reset</button>
@@ -187,7 +187,7 @@ async function loadStar() {
   document.getElementById('cv-err').innerHTML = ''
   try { await apiPost('/api/coverage/load-star-rules', {}); cvLoad() }
   catch(e) { document.getElementById('cv-err').innerHTML = errBox(e.message) }
-  finally { setBtn('btn-star', false, 'Load STAR Rules') }
+  finally { setBtn('btn-star', false, 'Load Library STAR Rules') }
 }
 
 async function cvUploadSigma(files) {