Rules - ecrawford-0/Whids-Testing GitHub Wiki
Introduction
WHIDS utilizes gene rules.
Installing pre-made rules on the WHIDS manager
By default, the gene rules are not installed on the WHIDS manager. The manager's config file specifies the location of the gene rules directory.
If the rules folder does not exist yet, make sure to create it.
Next, download the compiled rules from the gene-rules GitHub repository:
curl https://raw.githubusercontent.com/0xrawsec/gene-rules/master/compiled.gen -o compiled.gen
After the rules have been downloaded, make sure to re-run the WHIDS manager. Note that some rules will not be run since there are no containers specified.
Run the following command to check how many rules are applied (in this case, 134 rules are loaded):
curl -skH "Api-key: APIKEYHERE" "http://192.168.10.20:1520/stats"
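The download above pulls whatever is on the master branch at that moment, so it is worth checking the file against a digest you recorded from a reviewed copy before placing it in the rules directory. The following is an added example, not part of the wiki or the WHIDS project; `install_rules`, `RULES_DIR` and `EXPECTED_SHA256` are hypothetical names, and it assumes a Linux host with `sha256sum`.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki or the WHIDS project).
# Assumptions: RULES_DIR is the rules directory named in your manager config;
# EXPECTED_SHA256 is a digest you recorded from a reviewed compiled.gen.

# install_rules <downloaded-file> <rules-dir> <expected-sha256>
# Installs <rules-dir>/compiled.gen only if the digest matches; returns 1 otherwise.
install_rules() {
    local src="$1" rules_dir="$2" expected="$3" actual tmp

    # Refuse missing or empty downloads (for example, a failed transfer).
    [ -s "$src" ] || { echo "error: $src is missing or empty" >&2; return 1; }

    actual="$(sha256sum "$src" | awk '{print $1}')"
    if [ "$actual" != "$expected" ]; then
        echo "error: digest mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Create the rules directory if it does not exist yet.
    mkdir -p "$rules_dir" || return 1

    # Copy to a temp file in the same directory, then rename, so the manager
    # never reads a partially written rule file.
    tmp="$(mktemp "$rules_dir/.compiled.gen.XXXXXX")" || return 1
    if cp "$src" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$rules_dir/compiled.gen"; then
        echo "installed $rules_dir/compiled.gen ($actual)"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Typical use (fill in your own values for the two variables):
#   curl -fsSL https://raw.githubusercontent.com/0xrawsec/gene-rules/master/compiled.gen -o /tmp/compiled.gen
#   install_rules /tmp/compiled.gen "$RULES_DIR" "$EXPECTED_SHA256"
```

A failed check leaves any previously installed `compiled.gen` in place, so the manager keeps running with the last verified rule set.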