diff --git a/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml
new file mode 100644
index 000000000..bf5947c72
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+ sample_custom_decoder
+
diff --git a/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml
new file mode 100644
index 000000000..e5fb35634
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+ 5716
+ 1.1.1.1
+ sshd: authentication failed from IP 1.1.1.1.
+ authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,
+
+
+
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 88c4ad912..18f028556 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -183,6 +183,9 @@ wazuh_manager_config:
executable: 'route-null.cmd'
expect: 'srcip'
timeout_allowed: 'yes'
+ ruleset:
+ rules_path: '/etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/'
+ decoders_path: '/etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/'
rule_exclude:
- '0215-policy_rules.xml'
active_responses:
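Review bot: The two defaults added under `ruleset` hard-code an absolute controller path, `/etc/ansible/roles/wazuh-ansible/...`, so the copy tasks only find the files when the role is checked out at exactly that location. Deriving the path from the role itself should avoid that: `rules_path: '{{ role_path }}/custom_ruleset/rules/'` and `decoders_path: '{{ role_path }}/custom_ruleset/decoders/'`. Because these are defaults, the sample rule and decoder added in this commit are also what gets installed on a manager unless the operator overrides the paths. If that is not intended, an empty default with the copy tasks skipped when it is unset would be safer. The `wazuh_manager_config` mapping starts outside this hunk.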
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 287799a04..4c7682164 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -96,6 +96,18 @@
- config
- rules
+- name: Adding local rules files
+ copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"
+ dest=/var/ossec/etc/rules/
+ owner=root
+ group=ossec
+ mode=0640
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+ - rules
+
- name: Installing the local_decoder.xml
template: src=var-ossec-rules-local_decoder.xml.j2
dest=/var/ossec/etc/decoders/local_decoder.xml
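Review bot: Nothing in the new `Adding local rules files` task checks that the copied files load before `restart wazuh-manager` is notified, and the same holds for `Adding local decoders files` in the next hunk. If a malformed rule or decoder file keeps the manager from starting (likely, but not visible here), one bad file in the source directory stops analysis on the next run; a configuration-test task that runs before the handler fires would catch it. Separately, both tasks use the free-form `key=value` syntax while the `Configure the shared-agent.conf` task uses a YAML mapping; writing them as a mapping with `mode: '0640'` keeps the mode a quoted string and matches that task. The `Installing the local_decoder.xml` task at the end of this hunk continues outside it.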
@@ -108,6 +120,18 @@
- config
- rules
+- name: Adding local decoders files
+ copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}"
+ dest=/var/ossec/etc/decoders/
+ owner=root
+ group=ossec
+ mode=0640
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+ - rules
+
- name: Configure the shared-agent.conf
template:
src: var-ossec-etc-shared-agent.conf.j2
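Review bot: The new `Adding local decoders files` task copies the whole directory into `/var/ossec/etc/decoders/`, the same directory where the preceding template task writes `local_decoder.xml`. A file with that name under `decoders_path` would therefore replace the templated one, and the two tasks would overwrite each other on every run and keep notifying the restart handler. A comment above the task would document the constraint, for example `# Files under decoders_path must not be named local_decoder.xml; that file is managed by the template task above.` The rules task in the previous hunk presumably has the same constraint for the templated local rules file, whose task is not visible here. The `Configure the shared-agent.conf` task continues outside this hunk.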