Cyber Security Installation
Module Installation
For the correct operation of the Cyber Security module, it must be installed on all nodes used in SAF. These include the following system components:
SA Data Storage
SA Master Node
To install the Cyber Security module, the saf-content-installer module must be installed (it is included in the basic package). You can check its presence through the developer console (Main Menu - System Settings - Dev Console) by executing the command:
GET _cat/plugins
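Because the module has to be present on every node, it helps to check the plugin listing per node rather than by eye. The following is an added example, not part of the product or its documentation: it parses the output of `GET _cat/plugins?format=json` and reports nodes where saf-content-installer is not listed. The node names, the second plugin, the versions, and the assumption that the plugin is reported under the component name `saf-content-installer` are all constructed for illustration.

```python
import json

# Module name from the page; assumed to match the reported component name.
REQUIRED_PLUGIN = "saf-content-installer"

# Constructed sample of `GET _cat/plugins?format=json` output. Node names,
# the second plugin and all versions are made up for illustration.
SAMPLE_CAT_PLUGINS = """
[
  {"name": "sa-master-1", "component": "saf-content-installer", "version": "0.0.0"},
  {"name": "sa-master-1", "component": "example-other-plugin", "version": "0.0.0"},
  {"name": "sa-data-1", "component": "saf-content-installer", "version": "0.0.0"},
  {"name": "sa-data-2", "component": "example-other-plugin", "version": "0.0.0"}
]
"""

# Assumption: the operator supplies the node list (for example from
# `GET _cat/nodes`). A node with no plugins at all never appears in
# _cat/plugins, so it cannot be discovered from the plugin listing itself.
EXPECTED_NODES = ["sa-master-1", "sa-data-1", "sa-data-2", "sa-data-3"]


def plugins_by_node(cat_plugins_json):
    """Map node name -> set of plugin component names reported for it."""
    result = {}
    for row in json.loads(cat_plugins_json):
        result.setdefault(row["name"], set()).add(row["component"])
    return result


def nodes_missing_plugin(cat_plugins_json, expected_nodes, plugin=REQUIRED_PLUGIN):
    """Return the expected nodes on which `plugin` is not reported, sorted."""
    installed = plugins_by_node(cat_plugins_json)
    return sorted(n for n in expected_nodes if plugin not in installed.get(n, set()))


if __name__ == "__main__":
    missing = nodes_missing_plugin(SAMPLE_CAT_PLUGINS, EXPECTED_NODES)
    if missing:
        print(f"{REQUIRED_PLUGIN} missing on: {', '.join(missing)}")
    else:
        print(f"{REQUIRED_PLUGIN} present on all expected nodes")
```

In the constructed sample, one node lists other plugins but not the installer, and another is absent from the listing entirely; both are reported as missing.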
To install the SAFCyberSecurity plugin, run the following command:
sudo -u opensearch /app/opensearch-dashboards/bin/opensearch-dashboards-plugin install file://<path to the module archive>
After installing the module, you need to perform the actions listed in the article Plugin Management.
Content Installation
The Cyber Security module is a content module. In the SA web interface, go to Main Menu - System Settings - Management - General - Content Management. Select or drag and drop the archive with the module's content, then choose the components you want to install:
Specify the permissions for the components selected in the previous steps:
The installation of the Cyber Security module is complete. The module update process occurs in a similar manner.
More detailed information can be found in the section Object Selection.
Adding Sigma Rules to the Menu
To view Sigma rules in the navigation menu, open Main Menu - System Settings - Module Settings - General - Menu Settings. Click the Add Module button.
Fill in the module fields as follows:
Field Name | Content |
---|---|
Type of element | Group |
Module Name | Sigma rules |
Module Title | sigma-rules |
Enable Display | Yes, the flag must be enabled |
Inside the Sigma Rules module, click the Add section button.
Fill in the section fields as follows:
Field Name | Content |
---|---|
Type of element | Page |
Module Name | |
Module Title | List of rules |
Enable Display | Yes, the flag must be enabled |
Click the Save Changes button. Configure permissions for user groups if necessary.
The menu item can also be added via a JSON structure. To do this, open Main Menu - System Settings - Module Settings - General - Menu Settings, then go to the JSON Structure tab and add the following snippet to the top list (separated by a comma if needed):
{
  "itemType": "group",
  "name": "sigma-rules",
  "_permissions": {
    "owner": "admin",
    "read": {
      "roles": [],
      "users": []
    },
    "write": {
      "roles": [],
      "users": []
    }
  },
  "id": "iff6f40d1-e210-11ef-b57c-6bad33908cd9",
  "title": "Sigma Rules",
  "enabled": true,
  "sections": [
    {
      "itemType": "page",
      "name": "",
      "_permissions": {
        "owner": "admin",
        "read": {
          "roles": [],
          "users": []
        },
        "write": {
          "roles": [],
          "users": []
        }
      },
      "id": "i0ce9b921-e211-11ef-b57c-6bad33908cd9",
      "title": "Rules List",
      "enabled": true
    }
  ]
}