From 8c5d21ce35622cc8c240e82a411045f7ffe78e44 Mon Sep 17 00:00:00 2001 From: Frikky Date: Thu, 20 Feb 2025 22:23:44 +0100 Subject: [PATCH] Update extensions.md --- docs/extensions.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/extensions.md b/docs/extensions.md index 2ca664a..ed29403 100644 --- a/docs/extensions.md +++ b/docs/extensions.md 
@@ -267,16 +267,18 @@ It should look like this: ExecStart=/opt/tenzir/bin/tenzir-node "--commands=web - **Control the Shuffle Tenzir node from Tenzir Cloud**: Go to [Tenzir Cloud](https://app.tenzir.com) and create a node configuration. Download the configuration file, then add the variables found in it to the following environment variables to Orborus: `TENZIR_PLUGINS__PLATFORM__API_KEY=`, `TENZIR_PLUGINS__PLATFORM__CONTROL_ENDPOINT=`, `TENZIR_PLUGINS__PLATFORM__TENANT_ID=` ### Mounting the Tenzir Sigma location into Orborus -TBD +1. You need to mount in the folder that is going to store the sigma rules, controlled from within Shuffle +2. The default location is /tmp/sigma_rules, so to mount it in, use `--volume "/tmp:/tmp"` in the Dockerfile. +3. If you end up changing the storage location, use the `SHUFFLE_STORAGE_FOLDER` environment variable with the full path. ### Running the Tenzir Detection pipeline -To run the detection pipeline, +- [Sigma Pipelines with Tenzir](https://docs.tenzir.com/tql2/operators/sigma) ### Running a sample Detection TBD ### Storing Tenzir logs in Opensearch -TBD +- [Tenzir -> Opensearch documentation](https://docs.tenzir.com/integrations/opensearch) ## KMS Shuffle by default allows you to store authentication tokens within Shuffle itself, which are encrypted in the database. Since February 2024, we additionally support the use of external KMS systems to handle authentication, which is based on [Native Actions](https://shuffler.io/docs/extensions#native-actions) and [Schemaless](https://github.com/frikky/schemaless). Native Actions run in the background to perform the "Get KMS key" action, and the run of the app is NOT stored.
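Review bot: In step 2 of the new "Mounting the Tenzir Sigma location into Orborus" list, `--volume "/tmp:/tmp"` is described as going "in the Dockerfile", but `--volume` is a `docker run` flag (a compose file would use `volumes:`), and a Dockerfile cannot declare a host bind mount. Please name the place where the reader actually sets it. The mount is also wider than the text needs: the stated default is /tmp/sigma_rules, yet the example binds the whole host /tmp, which exposes every other temp file on the host to the container and lets the container write there. Suggest narrowing it to `--volume "/tmp/sigma_rules:/tmp/sigma_rules"`. Step 3 should also say that when `SHUFFLE_STORAGE_FOLDER` is changed the volume path has to change with it, and which container the variable is set on. Minor: step 1 is missing its final period, "sigma" should be capitalised as in the heading, and "Running a sample Detection" is still TBD while the section before it is now only a link.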