This repository has been archived by the owner on Aug 29, 2023. It is now read-only.

Custom threat feeds

wes edited this page Mar 14, 2020 · 3 revisions

Getting Started

By default, the csirtg-fm docker container contains the most recent build of rules. To get it to automatically pick up a custom myrule.yml, run the following in the same directory where you ran docker-compose up -d:

$ mkdir data/rules
$ cp myrule.yml data/rules/
$ docker-compose restart csirtg-fm

Your docker-compose.yml file should already have the following volume mapping; if it doesn't, add it:

csirtg-fm:
    depends_on:
      - cif-router
    image: csirtgadgets/csirtg-fm:latest
    container_name: csirtg-fm
    volumes:
      - ./data/fm:/var/lib/fm
      - ./data/cif:/var/lib/cif
      - ./data/rules:/local_rules  # copy your rules to data/rules; they'll be picked up automatically

Your csirtg-fm docker container will automatically pick up the rules mapped to /local_rules in its local filesystem mapping.
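A quick pre-flight check for the mapping above, added here as an example and not part of the csirtg-fm project: it reads a docker-compose.yml with the standard library only (no PyYAML) and reports whether the csirtg-fm service actually mounts ./data/rules at /local_rules. The sample compose text is constructed and deliberately lacks the mapping.

```python
# Added example, not part of the csirtg-fm project: verify that docker-compose.yml
# mounts ./data/rules at /local_rules for the csirtg-fm service (stdlib only, no PyYAML).

REQUIRED_MOUNT = ("./data/rules", "/local_rules")  # host path, container path


def service_volumes(compose_text: str, service: str) -> list:
    """Return the `volumes:` entries listed under `service` in a compose file."""
    vols, in_service, in_volumes = [], False, False
    svc_indent = vol_indent = 0
    for raw in compose_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent, key = len(line) - len(line.lstrip()), line.strip()
        if not in_service:
            in_service, svc_indent = key == f"{service}:", indent
            continue
        if indent <= svc_indent:  # dedented back out of the service block
            break
        if key == "volumes:":
            in_volumes, vol_indent = True, indent
        elif in_volumes and indent > vol_indent and key.startswith("- "):
            vols.append(key[2:].strip().strip("'\""))
        else:
            in_volumes = False  # any other key ends the volumes list
    return vols


def has_local_rules_mount(compose_text: str, service: str = "csirtg-fm") -> bool:
    """True if `service` maps ./data/rules to /local_rules (extra ':ro' etc. allowed)."""
    for entry in service_volumes(compose_text, service):
        parts = entry.split(":")
        if len(parts) >= 2 and (parts[0], parts[1]) == REQUIRED_MOUNT:
            return True
    return False


# Constructed sample compose file that is missing the /local_rules mapping.
SAMPLE_COMPOSE = """\
services:
  csirtg-fm:
    depends_on:
      - cif-router
    image: csirtgadgets/csirtg-fm:latest
    volumes:
      - ./data/fm:/var/lib/fm
      - ./data/cif:/var/lib/cif
"""
```

Run it against your own file with has_local_rules_mount(open("docker-compose.yml").read()); a False result means the rules you drop into data/rules will never reach the container.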

Writing Rules

Help Writing Custom Rules