Add bindings for sigma repos

salt/soc/config.sls

@@ -9,7 +9,14 @@
 include:
   - manager.sync_es_users
 
-socdirtest:
+sigmarepodir:
+  file.directory:
+    - name: /opt/so/conf/sigma/repos
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+socdirelastaertrules:
   file.directory:
     - name: /opt/so/rules/elastalert/rules
     - user: 939

salt/soc/defaults.yaml

@@ -1185,10 +1185,11 @@ soc:
           communityRulesImportFrequencySeconds: 86400
           denyRegex: ''
           elastAlertRulesFolder: /opt/sensoroni/elastalert
+          reposFolder: /opt/sensoroni/sigma/repos
           rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
           rulesRepos:
           - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
-            license: DRL
+            license: Elastic-2.0
             folder: sigma/stable
           sigmaRulePackages:
             - core

salt/soc/enabled.sls

@@ -24,6 +24,7 @@ so-soc:
     - binds:
       - /nsm/rules:/nsm/rules:rw
       - /opt/so/conf/strelka:/opt/sensoroni/yara:rw
+      - /opt/so/conf/sigma:/opt/sensoroni/sigma:rw
       - /opt/so/rules/elastalert/rules:/opt/sensoroni/elastalert:rw
       - /opt/so/conf/soc/fingerprints:/opt/sensoroni/fingerprints:rw
       - /nsm/soc/jobs:/opt/sensoroni/jobs:rw