From f8c6dc41d16ca36c83fb260b20a080d44e27ba2d Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Fri, 7 May 2021 12:34:39 -0400
Subject: [PATCH] rules
---
 scripts/services/wazuh/suricata/suricata_init.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/scripts/services/wazuh/suricata/suricata_init.sh b/scripts/services/wazuh/suricata/suricata_init.sh
index 9d14af9..97cda65 100755
--- a/scripts/services/wazuh/suricata/suricata_init.sh
+++ b/scripts/services/wazuh/suricata/suricata_init.sh
@@ -55,6 +55,16 @@ fi
 # sudo chown root:root /etc/rsyslog.d/20-suricata.conf
 # sudo systemctl restart rsyslog
+# rules
+pushd .
+cd /tmp
+wget https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz
+tar zxvf emerging.rules.tar.gz
+sudo -E rm /etc/suricata/rules/* -f
+sudo -E mv rules/*.rules /etc/suricata/rules/
+popd
+
+# suricata yaml
 sudo -E rm -f /etc/suricata/suricata.yaml
 sudo -E wget -O /etc/suricata/suricata.yaml http://www.branchnetconsulting.com/wazuh/suricata.yaml
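Review bot: The added rules block deletes everything under /etc/suricata/rules/ whether or not the `wget` and `tar` steps before it succeeded, so a failed or partial download leaves the sensor running with no rules at all. It also works in `/tmp` under fixed names: if `emerging.rules.tar.gz` already exists there, wget saves the new copy under a different name and `tar` unpacks the stale (or another local user's) file, and a pre-existing `/tmp/rules` directory gets swept into the `sudo -E mv`. I would download into a `mktemp -d` directory with an explicit `-O`, replace the installed rules only after download and extraction have both succeeded, and drop the `pushd .`/`cd`/`popd` sequence. Whether the script runs under `set -e` is not visible in this hunk, so the sketch below checks each step explicitly.

```shell
# rules
rules_url=https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz
if rules_tmp=$(mktemp -d) &&
  wget -O "$rules_tmp/emerging.rules.tar.gz" "$rules_url" &&
  tar -xzf "$rules_tmp/emerging.rules.tar.gz" -C "$rules_tmp" &&
  compgen -G "$rules_tmp/rules/*.rules" >/dev/null; then
  # Only replace the installed rules once a complete new set is on disk.
  sudo -E rm -f /etc/suricata/rules/*
  sudo -E mv "$rules_tmp"/rules/*.rules /etc/suricata/rules/
else
  echo "suricata rules update failed; keeping existing rules" >&2
fi
[ -n "${rules_tmp:-}" ] && rm -rf -- "$rules_tmp"

# … unchanged: suricata yaml download …
```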