mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
858166bcae
Removed some strelka/yara rules from salt. Removed yara scripts for downloading and updating rules. This will be managed by SOC. Added a new compile_yara.py script. Added the strelka repos folder.
15 lines
438 B
Python
15 lines
438 B
Python
import os
|
|
import yara
|
|
import glob
|
|
import sys
|
|
|
|
def compile_yara_rules(rules_dir: str) -> None:
|
|
compiled_rules_path: str = os.path.join(rules_dir, "rules.yar.compiled")
|
|
rule_files: list[str] = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
|
|
|
|
if rule_files:
|
|
rules: yara.Rules = yara.compile(filepaths={os.path.basename(f): f for f in rule_files})
|
|
rules.save(compiled_rules_path)
|
|
|
|
compile_yara_rules(sys.argv[1])
|