Version: 5.0

Cyber Security Installation

Module Installation

For the correct operation of the Cyber Security module, it must be installed on all nodes used in SAF. These include the following system components:

  • SA Data Storage
  • SA Master Node
Warning: To install the Cyber Security module, the saf-content-installer module must already be installed (it is included in the basic package). To check that it is present, open the developer console (Main Menu - System Settings - Dev Console) and run:

GET _cat/plugins
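An added example (not part of the SAF documentation or product) that audits the text output of the command above and reports nodes where saf-content-installer is absent. The node names, version strings and the list of expected nodes are constructed for illustration, and the script assumes node names contain no spaces and that the plugin is expected on every listed node.

```python
from collections import defaultdict

REQUIRED_PLUGIN = "saf-content-installer"  # plugin name as given on this page

# Constructed sample of `GET _cat/plugins` output: node, component, version.
SAMPLE_OUTPUT = """\
sa-master-1  saf-content-installer  5.0.0
sa-master-1  opensearch-security    2.11.0.0
sa-data-1    saf-content-installer  5.0.0
sa-data-2    opensearch-security    2.11.0.0
"""


def plugins_by_node(cat_output):
    """Map node name -> {component: version} from the text output."""
    nodes = defaultdict(dict)
    for line in cat_output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or truncated line
        if fields[:2] == ["name", "component"]:
            continue  # header row, present when the request uses ?v
        nodes[fields[0]][fields[1]] = fields[2]
    return dict(nodes)


def audit(cat_output, expected_nodes=(), required=REQUIRED_PLUGIN):
    """Report nodes lacking the required plugin and any version drift.

    A node with no plugins at all never appears in the output, so the
    caller passes the nodes it expects (hypothetical inventory list).
    """
    seen = plugins_by_node(cat_output)
    all_nodes = set(seen) | set(expected_nodes)
    missing = sorted(n for n in all_nodes if required not in seen.get(n, {}))
    versions = sorted({p[required] for p in seen.values() if required in p})
    return {"missing": missing, "versions": versions,
            "consistent": len(versions) <= 1}


if __name__ == "__main__":
    expected = ["sa-master-1", "sa-data-1", "sa-data-2", "sa-data-3"]
    report = audit(SAMPLE_OUTPUT, expected_nodes=expected)
    print("nodes missing", REQUIRED_PLUGIN + ":", report["missing"])
    print("installed versions:", report["versions"])
```

Paste the real console output in place of SAMPLE_OUTPUT and list your own nodes in `expected`; an empty `missing` list and a single version mean the prerequisite is met everywhere.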

To install the SAFCyberSecurity plugin, run the following command:

sudo -u opensearch /app/opensearch-dashboards/bin/opensearch-dashboards-plugin install file://<path to the module archive>

After installing the module, you need to perform the actions listed in the article Plugin Management.

Content Installation

The Cyber Security module is a content module. In the SA web interface, go to Main Menu - System Settings - Management - General - Content Management. Select or drag and drop the archive with the module's content, then choose the components you want to install:

[Image: Content Installation]

Specify the permissions for the components selected in the previous steps:

[Image: Adding to the Menu]

The installation of the Cyber Security module is complete. The module update process occurs in a similar manner.

More detailed information can be found in the section Object Selection.

Adding Sigma Rules to the Menu

To view Sigma rules in the navigation menu, open: Main Menu - System Settings - Module Settings - General - Menu Settings. Click the Add Module button.

Fill in the module fields as follows:

| Field Name | Content |
|---|---|
| Type of element | Group |
| Module Name | Sigma rules |
| Module Title | sigma-rules |
| Enable Display | Yes, the flag must be enabled |

Inside the Sigma Rules module, click the Add section button.

Fill in the section fields as follows:

| Field Name | Content |
|---|---|
| Type of element | Page |
| Module Name | |
| Module Title | List of rules |
| Enable Display | Yes, the flag must be enabled |

[Image: Adding Sigma Rules to the Menu]

Click the Save Changes button. Configure permissions for user groups if necessary.

The menu item can also be added via a JSON structure. To do this, open: Main Menu - System Settings - Module Settings - General - Menu Settings, then go to the JSON Structure tab and add the following snippet to the top list (separated by a comma if needed):

{
  "itemType": "group",
  "name": "sigma-rules",
  "_permissions": {
    "owner": "admin",
    "read": {
      "roles": [],
      "users": []
    },
    "write": {
      "roles": [],
      "users": []
    }
  },
  "id": "iff6f40d1-e210-11ef-b57c-6bad33908cd9",
  "title": "Sigma Rules",
  "enabled": true,
  "sections": [
    {
      "itemType": "page",
      "name": "",
      "_permissions": {
        "owner": "admin",
        "read": {
          "roles": [],
          "users": []
        },
        "write": {
          "roles": [],
          "users": []
        }
      },
      "id": "i0ce9b921-e211-11ef-b57c-6bad33908cd9",
      "title": "Rules List",
      "enabled": true
    }
  ]
}