Airgap support

setup/so-functions

@@ -42,9 +42,10 @@ logCmd() {
 ### End Logging Section ###
 
 airgap_rules() {
-	# Copy the rules for suricata if using Airgap
+	# Copy the rules for detections if using Airgap
 	mkdir -p /nsm/rules
-	cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/
+	rsync -av --exclude='securityonion-resources' /root/SecurityOnion/agrules/ /nsm/rules/
+	rsync -av  /root/SecurityOnion/agrules/securityonion-resources/ /nsm/
 }
 
 add_admin_user() {