Delete Threat Intel directory

Threat Intel/100620-threat-intel_rules.xml

@@ -1,58 +0,0 @@
-<group name="threat_intel,">
- <rule id="100620" level="10">
-    <field name="integration">misp</field>
-    <description>MISPs</description>
-    <group>misp,</group>
-    <options>no_full_log</options>
-  </rule>
-<rule id="100621" level="5">
-    <if_sid>100620</if_sid>
-    <field name="misp.error">\.+</field>
-    <description>MISP - Error connecting to API</description>
-    <options>no_full_log</options>
-    <group>misp,misp_error,</group>
-  </rule>
-<rule id="100622" level="12">
-    <if_sid>100620</if_sid>
-    <field name="misp.category">\.+</field>
-    <description>MISP - IoC found in Threat Intel - Category: $(misp.category), Attribute: $(misp.value)</description>
-    <options>no_full_log</options>
-    <group>misp,misp_alert,</group>
-  </rule>
- <rule id="100623" level="10">
-    <field name="integration">opencti</field>
-    <description>OpenCTI</description>
-    <group>opencti,</group>
-    <options>no_full_log</options>
-  </rule>
-<rule id="100624" level="5">
-    <if_sid>100623</if_sid>
-    <field name="opencti.error">\.+</field>
-    <description>OpenCTI - Error connecting to API</description>
-    <options>no_full_log</options>
-    <group>opencti,opencti_error,</group>
-  </rule>
-<rule id="100625" level="12">
-    <if_sid>100623</if_sid>
-    <field name="opencti.id">\.+</field>
-    <description>OpenCTI - IoC found in Threat Intel - $(opencti.observable_value)</description>
-    <options>no_full_log</options>
-    <group>opencti,opencti_alert,</group>
-  </rule>
-<rule id="100650" level="12">
-  <decoded_as>json</decoded_as>
-  <field name="sections">\.+</field>
-  <field name="type">\.+</field>
-  <description>AlienVault OTX -Indicator(s) Found</description>
-  <mitre>
-   <id>T1036</id>
-  </mitre>
-  <options>no_full_log</options>
-  <group>alienvault,otx_alert,</group>
-</rule>
-<rule id="100651" level="12">
-    <field name="abuseipdb.abuse_confidence_score" type="pcre2" negate="yes">^0$</field>
-    <description>IP with $(abuseipdb.abuse_confidence_score)% confidence of abuse was connected to.</description>
-    <group>abuseipdb,abuseipdb_alert,</group>
-  </rule>
-</group>

Threat Intel/README.md

@@ -1,19 +0,0 @@
-# Threat Intel [![N|Solid](https://cdn-icons-png.flaticon.com/128/6939/6939131.png)](https://myservice.socfortress.co/explore?left=%7B%22datasource%22:%22WAZUH%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:$get_alert_id.hits.hits.#._id%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D) [![N|Solid](https://cdn-icons-png.flaticon.com/128/406/406217.png)](https://hunt.socfortress.co) [![N|Solid](https://cdn-icons-png.flaticon.com/128/4840/4840332.png)](https://servicedesk.socfortress.co/help/2979687893)
---------------------------------------------------------------
-### Threat Intel rules requires Wazuh Integration with MISP, OpenCTI, Alienvault, and AbuseIPDB. Steps for each integration can be found at the below links:
-
-
-### [MISP](https://opensecure.medium.com/wazuh-and-misp-integration-242dfa2f2e19)
-
-### [OpenCTI](https://github.com/juaromu/wazuh-opencti)
-
-### [ALIENVAULT](https://github.com/juaromu/wazuh-domain-stats-alienvault)
-
-### [ABUSEIPDB](https://socfortress.medium.com/enriching-login-attempts-with-wazuh-and-abuseipdb-2fd98c34ce23)
-
-
-<p align="center">
-  <a href="https://www.socfortress.co/">
-<img src="https://user-images.githubusercontent.com/95670863/183437012-6ed70011-b40d-4597-8678-e3d601b6cf4d.png" alt="logo_website (1)" width="400" height="400">
-  </a>
-</p>