From a68f55572eba02d10477e97ce9762f9562868ff8 Mon Sep 17 00:00:00 2001
From: Dylane Bengono
Date: Thu, 5 Sep 2024 22:01:21 +0100
Subject: [PATCH] refactor: Update snort.ps1 to replace snort.conf file

---
 scripts/windows/snort.ps1 | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/scripts/windows/snort.ps1 b/scripts/windows/snort.ps1
index 62622cb..d7ebdfa 100644
--- a/scripts/windows/snort.ps1
+++ b/scripts/windows/snort.ps1
@@ -47,18 +47,18 @@ function Install-Snort {
 New-Item -ItemType Directory -Force -Path $rulesDir
 }

- # Define the rules
- $rules = @(
- 'alert icmp any any -> any any (msg:"ICMP connection attempt:"; sid:1000010; rev:1;)',
- 'alert tcp any any -> any 80 (msg:"HTTP traffic detected"; sid:1000020; rev:1;)',
- 'alert tcp any any -> any 22 (msg:"SSH traffic detected"; sid:1000030; rev:1;)',
- 'alert tcp any any -> any 21 (msg:"FTP traffic detected"; sid:1000040; rev:1;)',
- 'alert tcp any any -> any 25 (msg:"SMTP traffic detected"; sid:1000050; rev:1;)'
- # Add more rules here...
- )
+ # Download the local.rules file
+ $localRulesUrl = "https://raw.githubusercontent.com/ADORSYS-GIS/wazuh-snort/snortwin/scripts/windows/local.rules"
+ $localRulesPath = "$tempDir\local.rules"
+ Download-File $localRulesUrl $localRulesPath

- # Write the rules to the file
- $rules | Out-File -FilePath $rulesFile -Encoding UTF8
+ # Replace the existing local.rules file
+ if (Test-Path $localRulesPath) {
+ Copy-Item -Path $localRulesPath -Destination $rulesFile -Force
+ Write-Host "local.rules file replaced."
+ } else {
+ Write-Host "Failed to download local.rules file."
+ }

 # Add Snort configuration to ossec.conf
 $snortConfig = @"
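Review bot: The new `$localRulesUrl` fetches the IDS rule set from the mutable `snortwin` branch and `Copy-Item` installs it over `$rulesFile` with no integrity check, so anyone able to push to that branch (or to tamper with the download, depending on what `Download-File` validates — it is defined outside this hunk) decides what Snort detects on every host this installer runs on. The `else` branch only prints "Failed to download local.rules file." and the function carries on, so a failed download leaves the installer reporting success with whatever rules were already present; `Test-Path` alone also cannot tell a rules file from an error page saved under that name, which again depends on how `Download-File` behaves. Pin the URL to a commit SHA, verify a SHA-256 with `Get-FileHash`, and `throw` when either the download or the hash check fails, as sketched below. Install-Snort begins and ends outside the hunk.
```powershell
# Download the local.rules file from a pinned commit rather than a moving branch
$localRulesUrl = "https://raw.githubusercontent.com/ADORSYS-GIS/wazuh-snort/<PINNED_COMMIT_SHA>/scripts/windows/local.rules"
$localRulesPath = "$tempDir\local.rules"
Download-File $localRulesUrl $localRulesPath

# Fail closed: never continue the install with missing or unverified rules
if (-not (Test-Path $localRulesPath)) {
    throw "Failed to download local.rules file."
}
$actualHash = (Get-FileHash -Path $localRulesPath -Algorithm SHA256).Hash
if ($actualHash -ne "<EXPECTED_SHA256_OF_LOCAL_RULES>") {
    throw "local.rules hash mismatch: $actualHash"
}
Copy-Item -Path $localRulesPath -Destination $rulesFile -Force
Write-Host "local.rules file replaced."
# ... unchanged: Add Snort configuration to ossec.conf ...
```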