CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-22 00:43:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable state tracking for sigma refresh

Browse Source
This commit is contained in:
Josh Brower
2022-02-28 21:17:59 -05:00
parent 0cee0d5dea
commit 41a58b791a
2 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/common/tools/sbin/so-playbook-sigma-refresh
View File

@@ -17,11 +17,21 @@
. /usr/sbin/so-common
# Regenerate ElastAlert & update Plays
docker exec so-soctopus python3 playbook_play-update.py
if ! [ -f /opt/so/state/playbook_regen_plays ] || [ "$1" = "--force" ]; then
# Delete current Elastalert Rules
rm /opt/so/rules/elastalert/playbook/*.yaml
echo "Refreshing Sigma & regenerating plays... "
# Regenerate Elastalert Rules
so-playbook-sync
# Regenerate ElastAlert & update Plays
docker exec so-soctopus python3 playbook_play-update.py
# Delete current Elastalert Rules
rm /opt/so/rules/elastalert/playbook/*.yaml
# Regenerate Elastalert Rules
so-playbook-sync
# Create state file
touch /opt/so/state/playbook_regen_plays
else
printf "\nState file found, exiting...\nRerun with --force to override.\n"
fi