From 8363877c6646c218320d45a5e5c6115552db3f3f Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Fri, 14 Jun 2024 12:41:44 -0400
Subject: [PATCH] move to custom rules
---
 salt/idstools/config.sls | 2 +-
 salt/idstools/etc/rulecat.conf | 3 ++-
 salt/idstools/tools/sbin_jinja/so-rule-update | 2 --
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/salt/idstools/config.sls b/salt/idstools/config.sls
index 2a45cf526..6d4b1036e 100644
--- a/salt/idstools/config.sls
+++ b/salt/idstools/config.sls
@@ -42,7 +42,7 @@ suricatacustomdirsfile:
 suricatacustomdirsurl:
   file.directory:
-    - name: /nsm/rules/detect-suricata/custom_urls
+    - name: /nsm/rules/detect-suricata/custom_temp
     - user: 939
     - group: 939
diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 32b18e0c0..db78cec29 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,7 +1,8 @@
 {%- from 'vars/globals.map.jinja' import GLOBALS -%}
 {%- from 'soc/merged.map.jinja' import SOCMERGED -%}
---temp-dir=/nsm/rules/detect-suricata/custom_urls
+--suricata-version=6.0
 --merged=/opt/so/rules/nids/suri/all.rules
+--output=/nsm/rules/detect-suricata/custom_temp
 --local=/opt/so/rules/nids/suri/local.rules
 {%- if GLOBALS.md_engine == "SURICATA" %}
 --local=/opt/so/rules/nids/suri/extraction.rules
diff --git a/salt/idstools/tools/sbin_jinja/so-rule-update b/salt/idstools/tools/sbin_jinja/so-rule-update
index db110abc1..da4c272dd 100755
--- a/salt/idstools/tools/sbin_jinja/so-rule-update
+++ b/salt/idstools/tools/sbin_jinja/so-rule-update
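Review bot: The new `--output=/nsm/rules/detect-suricata/custom_temp` line makes that directory the persistent destination for every rule file idstools-rulecat fetches, not scratch space, which the `_temp` name and the replaced `--temp-dir` line both suggest was the intent; since `--temp-dir` is gone, rulecat presumably falls back to its own default scratch location inside the container, which is worth confirming. The same path is created with uid/gid 939 in idstools/config.sls in this commit, but nothing in this template records that coupling, so a future path change in either file silently breaks the other. A Jinja comment keeps the template output unchanged while documenting it: `{# --output must match suricatacustomdirsurl in idstools/config.sls (owned 939:939); fetched rule files persist here #}`. The hard-coded `--suricata-version=6.0` also duplicates the value passed on the command line in so-rule-update; consider sourcing both from one place so a Suricata upgrade cannot leave them disagreeing.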
@@ -26,8 +26,6 @@ if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
   docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
 {%- elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}
   docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --etpro={{ IDSTOOLSMERGED.config.oinkcode }}
-{%- elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %}
-  docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
 {%- endif %}
 {%- endif %}
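Review bot: With the TALOS branch removed, a deployment whose pillar still sets `IDSTOOLSMERGED.config.ruleset` to `TALOS` now matches no branch of the `if`/`elif` chain and the rendered script runs no rulecat command at all, so the sensor keeps its old rules and the scheduled update reports nothing wrong. Add a fail-loud fallback before the first `{%- endif %}`: `{%- else %}` / `  echo "so-rule-update: unsupported ruleset '{{ IDSTOOLSMERGED.config.ruleset }}'" >&2; exit 1`, or reject the value at pillar-validation time. The enclosing `if [[ ! "`pidof ...`" ]]; then` opens before this hunk and its `fi` is outside it, so check that a non-zero exit there is surfaced by whatever calls this script.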