From 49fa800b2b44a4d6d515f047cd8a1185cf975b1a Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Mon, 25 Mar 2024 14:45:50 -0400
Subject: [PATCH] Add bindings for sigma repos

---
 salt/soc/config.sls | 9 ++++++++-
 salt/soc/defaults.yaml | 3 ++-
 salt/soc/enabled.sls | 1 +
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/salt/soc/config.sls b/salt/soc/config.sls
index e4dad8df2..ad0ab1c8d 100644
--- a/salt/soc/config.sls
+++ b/salt/soc/config.sls
@@ -9,7 +9,14 @@ include:
 - manager.sync_es_users
-socdirtest:
+sigmarepodir:
+ file.directory:
+ - name: /opt/so/conf/sigma/repos
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+socdirelastaertrules:
 file.directory:
 - name: /opt/so/rules/elastalert/rules
 - user: 939
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8bb180567..5e7b423cd 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1185,10 +1185,11 @@ soc:
 communityRulesImportFrequencySeconds: 86400
 denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
+ reposFolder: /opt/sensoroni/sigma/repos
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
 rulesRepos:
 - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
- license: DRL
+ license: Elastic-2.0
 folder: sigma/stable
 sigmaRulePackages:
 - core
diff --git a/salt/soc/enabled.sls b/salt/soc/enabled.sls
index 93ca07ac8..bbe36e5b7 100644
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -24,6 +24,7 @@ so-soc:
 - binds:
 - /nsm/rules:/nsm/rules:rw
 - /opt/so/conf/strelka:/opt/sensoroni/yara:rw
+ - /opt/so/conf/sigma:/opt/sensoroni/sigma:rw
 - /opt/so/rules/elastalert/rules:/opt/sensoroni/elastalert:rw
 - /opt/so/conf/soc/fingerprints:/opt/sensoroni/fingerprints:rw
 - /nsm/soc/jobs:/opt/sensoroni/jobs:rw
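Review bot: The renamed state id `socdirelastaertrules` misspells elastalert; since a Salt state id is only a name, `socdirelastalertrules:` matches the `/opt/so/rules/elastalert/rules` target it manages and costs nothing to correct now, before other states start requiring it. The new `sigmarepodir` state leans on `makedirs: True` to create the parent `/opt/so/conf/sigma`, yet that parent, not `repos`, is the host path enabled.sls binds read-write into the SOC container, so its ownership and mode come from whatever the installed Salt version does for implicitly created parents rather than from a managed state (I have not confirmed whether `user`/`group` are applied to those parents). An explicit `file.directory` state for `/opt/so/conf/sigma` with the same `user: 939` and `group: 939`, required by `sigmarepodir`, would make the mounted directory's permissions deterministic. The `socdirelastaertrules` definition continues past the end of the hunk.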
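Review bot: The `license: DRL` to `license: Elastic-2.0` change is unrelated to the subject "Add bindings for sigma repos" and is not mentioned anywhere in the commit record, so a reader of the history will not find out why the license attributed to rules from `securityonion-resources` changed; either split it into its own commit or state the reason in the description. `reposFolder: /opt/sensoroni/sigma/repos` agrees with the container side of the new enabled.sls bind, but nothing at this point in the file records that dependency, and a comment such as `# container path; host side is the /opt/so/conf/sigma bind in enabled.sls` would keep the two from drifting apart. Whether the repo loader can pin `rulesRepos` entries to a branch or commit is not visible here; if it can, documenting the supported keys next to `folder` would help whoever maintains this list.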
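Review bot: The new bind exposes all of `/opt/so/conf/sigma` read-write, while the only directory config.sls manages, and the one `reposFolder` in defaults.yaml points at, is the `repos` subdirectory. Unless SOC writes elsewhere under `/opt/sensoroni/sigma`, the narrower `- /opt/so/conf/sigma/repos:/opt/sensoroni/sigma/repos:rw` gives the container exactly the tree it needs and keeps the mounted path identical to the managed one, in line with the neighbouring `elastalert/rules` bind. If the wider mount is intentional, a short comment on the line naming what else is expected under `/opt/so/conf/sigma` would stop it from being narrowed later. The `so-soc` state continues outside the hunk.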