From 945d2abeed29f0bdddb8b65c3d2b7e8ccf46b236 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 27 Mar 2024 16:13:30 -0400
Subject: [PATCH] Ignore more rules
---
 salt/strelka/defaults.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml
index 785510961..1616bf42e 100644
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -1,12 +1,43 @@
 strelka:
 ignore:
 - apt_flame2_orchestrator.yar
+ - apt_apt32.yar
+ - apt_aa19_024a.yar
+ - apt_apt15.yar
+ - apt_barracuda_esg_unc4841_jun23.yar
+ - apt_bluetermite_emdivi.yar
+ - apt_danti_svcmondr.yar
+ - apt_eqgrp.yar
+ - apt_eqgrp_apr17.yar
+ - apt_greenbug.yar
+ - apt_grizzlybear_uscert.yar
+ - apt_lazarus_jun18.yar
+ - apt_mal_gopuram_apr23.yar
+ - apt_moonlightmaze.yar
+ - apt_oilrig.yar
+ - apt_oilrig_oct17.yar
+ - apt_passthehashtoolkit.yar
+ - apt_poisonivy.yar
+ - apt_winnti_burning_umbrella.yar
+ - cn_pentestset_webshells.yar
+ - crime_emotet.yar
+ - gen_fake_amsi_dll.yar
+ - gen_onenote_phish.yar
+ - apt_laudanum_webshells.yar
+ - apt_sandworm_cyclops_blink.yar
+ - cn_pentestset_scripts.yar
+ - expl_connectwise_screenconnect_vuln_feb24.yar
+ - mal_fortinet_coathanger_feb24.yar
+ - thor-hacktools.yar
+ - thor-webshells.yar
 - apt_tetris.yar
 - gen_susp_js_obfuscatorio.yar
 - gen_webshells.yar
+ - gen_vcruntime140_dll_sideloading.yar
 - generic_anomalies.yar
 - general_cloaking.yar
 - thor_inverse_matches.yar
+ - yara-rules_vuln_drivers_strict_renamed.yar
 - yara_mixed_ext_vars.yar
 - apt_apt27_hyperbro.yar
 - apt_turla_gazer.yar
@@ -18,4 +49,5 @@ strelka:
 - gen_webshells_ext_vars.yar
 - configured_vulns_ext_vars.yar
 - expl_outlook_cve_2023_23397.yar
+ - expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar
 - gen_mal_3cx_compromise_mar23.yar
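Review bot: None of the 32 entries added to `strelka.ignore` (31 in the first hunk, one in the second) says why the file is excluded, and the subject line "Ignore more rules" gives no reason either. If this list removes files from the YARA set Strelka loads, as the key name suggests, the change silently drops coverage for broad families (`thor-webshells.yar`, `thor-hacktools.yar`, `crime_emotet.yar`) and for named exploitation rules (`expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar`, `expl_connectwise_screenconnect_vuln_feb24.yar`, `mal_fortinet_coathanger_feb24.yar`). I would add a YAML comment above each group giving the cause and a tracking reference, for example `# fails to compile with the bundled YARA version, see ISSUE_ID` (ISSUE_ID is a placeholder), so a maintainer can tell when an entry is safe to re-enable. New-file lines 44-48 fall between the two hunks and are not shown, so duplicate entries cannot be ruled out from this view.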