CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 18:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

strelka compiled rules

Browse Source
This commit is contained in:
m0duspwnens
2024-05-09 11:26:02 -04:00
parent 3a99624eb8
commit a74fee4cd0
3 changed files with 21 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
salt/strelka/compile_yara/compile_yara.py
View File

@@ -20,7 +20,7 @@ def check_syntax(rule_file):
def compile_yara_rules(rules_dir):
compiled_dir = os.path.join(rules_dir, "compiled")
compiled_rules_path = [ os.path.join(compiled_dir, "rules.compiled"), "/opt/so/saltstack/default/salt/strelka/rules/compiled/rules.compiled" ]
compiled_rules_path = "/opt/so/saltstack/local/salt/strelka/rules/compiled/rules.compiled"
rule_files = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
files_to_compile = {}
removed_count = 0
@@ -57,9 +57,12 @@ def compile_yara_rules(rules_dir):
# Compile all remaining valid rules into a single file
if files_to_compile:
compiled_rules = yara.compile(filepaths=files_to_compile)
for path in compiled_rules_path:
compiled_rules.save(path)
print(f"All remaining rules compiled and saved into {path}")
compiled_rules.save(compiled_rules_path)
print(f"All remaining rules compiled and saved into {compiled_rules_path}")
# Remove the rules.compiled if there aren't any files to be compiled
else:
if os.path.exists(compiled_rules_path):
os.remove(compiled_rules_path)
# Print summary of compilation results
print(f"Summary: {success_count} rules compiled successfully, {removed_count} rules removed due to errors.")