Cyber Security Installation
Module Installation
For the Cyber Security module to function correctly, it must be installed via the web interface (Main Menu - System Parameters - Module Settings) in Smart Monitor.
To install the Cyber Security module, the sm-content-installer plugin must be installed (it is included in the base distribution) on all Smart Monitor nodes. This applies to the following system components:
Smart Monitor Data StorageSmart Monitor Master Node
You can check its presence via the developer console (Main Menu - System Parameters - Developer Console) by executing the command:
GET _cat/plugins
You need to run the following command to install the plugin:
sudo -u opensearch /app/opensearch/bin/opensearch-plugin install file://<path_to_module>
After installing the sm-content-installer plugin, install the Cyber Security module via the web interface. Then, perform the steps outlined in the Plugin Management article.
Content Installation
The Cyber Security module is a content module. In the SM web interface go to the Main Menu - System Settings - Management - General - Content Management. Select or drag and drop archive with module's content. And choose the components you want to install:
Specify the permissions for the components selected in the previous steps:
The installation of the Cyber Security module is complete. The module update process occurs in a similar manner.
More detailed information can be found in the section Object Selection.
Adding Sigma Rules to the Menu
To view Sigma rules in the navigation menu, open the main menu: Menu Menu - System Settings - Module Settings - General - Menu Settings. Click the Add Module button.
Fill in the module fields as follows:
| Field Name | Content |
|---|---|
Type of element | Group |
Module Name | Sigma rules |
Module Tittle | sigma-rules |
Enable Display | Yes, the flag must be enabled |
Inside the Sigma Rules module, click the Add section button.
Fill in the section fields as follows:
| Field Name | Content |
|---|---|
Type of element | Page |
Module Name | |
Module Tittle | List of rules |
Enable Display | Yes, the flag must be enabled |
Click the Save Changes button. Configure permissions for user groups if necessary.
The menu item can also be added via a JSON structure. To do this, open: Main Menu - System Settings - Module Settings - General - Menu Settings,
then go to the JSON Structure tab and add the following snippet to the top list (separated by a comma if needed):
{
"itemType": "group",
"name": "sigma-rules",
"_permissions": {
"owner": "admin",
"read": {
"roles": [],
"users": []
},
"write": {
"roles": [],
"users": []
}
},
"id": "iff6f40d1-e210-11ef-b57c-6bad33908cd9",
"title": "Sigma Rules",
"enabled": true,
"sections": [
{
"itemType": "page",
"name": "",
"_permissions": {
"owner": "admin",
"read": {
"roles": [],
"users": []
},
"write": {
"roles": [],
"users": []
}
},
"id": "i0ce9b921-e211-11ef-b57c-6bad33908cd9",
"title": "Rules List",
"enabled": true
}
]
}