Add local custom template

salt/elasticfleet/config.sls

@@ -81,14 +81,7 @@ eapackageupgrade:
     - template: jinja
 
 {%   if GLOBALS.role != "so-fleet" %}
-
-soresourcesrepoconfig:
-  git.config_set:
-    - name: safe.directory
-    - value: /nsm/securityonion-resources
-    - global: True
-    - user: socore
-
+
 {% if not GLOBALS.airgap %}
 soresourcesrepoclone:
   git.latest:

salt/manager/init.sls

@@ -141,6 +141,16 @@ rules_dir:
     - group: socore
     - makedirs: True
 
+git_config_set_safe_dirs:
+  git.config_set:
+    - name: safe.directory
+    - global: True
+    - user: socore
+    - multivar:
+      - /nsm/rules/custom-local-repos/local-sigma
+      - /nsm/rules/custom-local-repos/local-yara
+      - /nsm/securityonion-resources
+      - /opt/so/conf/soc/ai_summary_repos/securityonion-resources
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/soc/config.sls

@@ -198,6 +198,38 @@ socsensoronirepos:
     - mode: 775
     - makedirs: True
 
+create_custom_local_yara_repo_template:
+  git.present:
+    - name: /nsm/rules/custom-local-repos/local-yara
+    - bare: False
+    - force: True
+
+add_readme_custom_local_yara_repo_template:
+  file.managed:
+    - name: /nsm/rules/custom-local-repos/local-yara/README
+    - source: salt://soc/files/soc/detections_custom_repo_template_readme.jinja
+    - user: 939
+    - group: 939
+    - template: jinja
+    - context:
+        repo_type: "yara"
+
+create_custom_local_sigma_repo_template:
+  git.present:
+    - name: /nsm/rules/custom-local-repos/local-sigma
+    - bare: False
+    - force: True
+
+add_readme_custom_local_sigma_repo_template:
+  file.managed:
+    - name: /nsm/rules/custom-local-repos/local-sigma/README
+    - source: salt://soc/files/soc/detections_custom_repo_template_readme.jinja
+    - user: 939
+    - group: 939
+    - template: jinja
+    - context:
+        repo_type: "sigma"
+
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/soc/defaults.yaml

@@ -1342,11 +1342,17 @@ soc:
                 license: Elastic-2.0
                 folder: sigma/stable
                 community: true
+              - repo: file:///nsm/rules/custom-local-repos/local-sigma
+                license: Elastic-2.0
+                community: false
             airgap:
               - repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
                 license: Elastic-2.0
                 folder: sigma/stable
                 community: true
+              - repo: file:///nsm/rules/custom-local-repos/local-sigma
+                license: Elastic-2.0
+                community: false
           sigmaRulePackages:
             - core
             - emerging_threats_addon
@@ -1412,10 +1418,16 @@ soc:
               - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
                 license: DRL
                 community: true
+              - repo: file:///nsm/rules/custom-local-repos/local-yara
+                license: Elastic-2.0
+                community: false
             airgap:
               - repo: file:///nsm/rules/detect-yara/repos/securityonion-yara
                 license: DRL
                 community: true
+              - repo: file:///nsm/rules/custom-local-repos/local-yara
+                license: Elastic-2.0
+                community: false
           yaraRulesFolder: /opt/sensoroni/yara/rules
           stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
           integrityCheckFrequencySeconds: 1200

salt/soc/files/soc/detections_custom_repo_template_readme.jinja

@@ -0,0 +1,46 @@
+{% if repo_type == 'yara' %}
+# YARA Local Custom Rules Repository
+
+This folder has already been initialized as a git repo 
+and your Security Onion grid is configured to import any YARA rule files found here. 
+
+Just add your rule file and commit it.
+
+For example:
+
+First, create the rule file; make sure to create the file with a .yar extension
+`sudo vi my_custom_rule.yar`
+
+Next, use git to stage the new rule to be commited:
+`sudo git add my_custom_rule.yar`
+
+Finally, commit it.
+If this is your first time making changes to this repo, you will be asked to set some configuration.
+`sudo git commit -m "Initial commit of my_custom_rule.yar"`
+
+The next time the Strelka / YARA engine syncs, the new rule should be imported
+If there are errors, review the sync log to troubleshoot further.
+
+{% elif repo_type == 'sigma' %}
+# Sigma Local Custom Rules Repository
+
+This folder has already been initialized as a git repo 
+and your Security Onion grid is configured to import any Sigma rule files found here. 
+
+Just add your rule file and commit it.
+
+For example:
+
+First, create the rule file; make sure to create the file with a .yaml|.yml extension
+`sudo vi my_custom_rule.yml`
+
+Next, use git to stage the new rule to be commited:
+`sudo git add my_custom_rule.yml`
+
+Finally, commit it.
+If this is your first time making changes to this repo, you will be asked to set some configuration.
+`sudo git commit -m "Initial commit of my_custom_rule.yml"`
+
+The next time the Elastalert / Sigma engine syncs, the new rule should be imported
+If there are errors, review the sync log to troubleshoot further.
+{% endif %}