move to custom rules

salt/idstools/config.sls

@@ -42,7 +42,7 @@ suricatacustomdirsfile:
 
 suricatacustomdirsurl:
   file.directory:
-    - name: /nsm/rules/detect-suricata/custom_urls
+    - name: /nsm/rules/detect-suricata/custom_temp
     - user: 939
     - group: 939
 

salt/idstools/etc/rulecat.conf

@@ -1,7 +1,8 @@
 {%- from 'vars/globals.map.jinja' import GLOBALS -%}
 {%- from 'soc/merged.map.jinja' import SOCMERGED -%}
---temp-dir=/nsm/rules/detect-suricata/custom_urls
+--suricata-version=6.0
 --merged=/opt/so/rules/nids/suri/all.rules
+--output=/nsm/rules/detect-suricata/custom_temp
 --local=/opt/so/rules/nids/suri/local.rules
 {%-   if GLOBALS.md_engine == "SURICATA" %}
 --local=/opt/so/rules/nids/suri/extraction.rules

salt/idstools/tools/sbin_jinja/so-rule-update

@@ -26,8 +26,6 @@ if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
     docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
 {%-   elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}
     docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --etpro={{ IDSTOOLSMERGED.config.oinkcode }}
-{%-   elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %}
-    docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
 {%-   endif %}
 {%- endif %}