The wazuh model uses configd for additional info, which makes model initialization a bit slower than usual.
When only checking if the module is used, accessing the config object saves a lot of time.
Because of the changes in #3797 the etpro-telemetry group botcc_portgrouped got renamed to "emerging-botcc_portgrouped".
This caused a double entry for
"ET open/botcc.portgrouped" when both the et-open and etpro-temetry ruleset are installed.
This PR fixes that double entry.
Avoid duplicate 3coresec and threatview_CS_c2
Tested and working properly now :
ET open/3coresec not installed
ET open/botcc not installed
ET open/botcc.portgrouped not installed
ET open/ciarmy not installed
ET open/compromised not installed
ET open/drop not installed
ET open/dshield not installed
ET open/emerging-activex not installed
ET open/emerging-adware_pup not installed
ET open/emerging-attack_response not installed
ET open/emerging-chat not installed
ET open/emerging-coinminer not installed
ET open/emerging-current_events not installed
ET open/emerging-deleted not installed
ET open/emerging-dns not installed
ET open/emerging-dos not installed
ET open/emerging-exploit not installed
ET open/emerging-exploit_kit not installed
ET open/emerging-ftp not installed
ET open/emerging-games not installed
ET open/emerging-hunting not installed
ET open/emerging-icmp not installed
ET open/emerging-icmp_info not installed
ET open/emerging-imap not installed
ET open/emerging-inappropriate not installed
ET open/emerging-info not installed
ET open/emerging-ja3 not installed
ET open/emerging-malware not installed
ET open/emerging-misc not installed
ET open/emerging-mobile_malware not installed
ET open/emerging-netbios not installed
ET open/emerging-p2p not installed
ET open/emerging-phishing not installed
ET open/emerging-policy not installed
ET open/emerging-pop3 not installed
ET open/emerging-rpc not installed
ET open/emerging-scada not installed
ET open/emerging-scan not installed
ET open/emerging-shellcode not installed
ET open/emerging-smtp not installed
ET open/emerging-snmp not installed
ET open/emerging-sql not installed
ET open/emerging-telnet not installed
ET open/emerging-tftp not installed
ET open/emerging-user_agents not installed
ET open/emerging-voip not installed
ET open/emerging-web_client not installed
ET open/emerging-web_server not installed
ET open/emerging-web_specific_apps not installed
ET open/emerging-worm not installed
ET open/threatview_CS_c2 not installed
ET open/tor not installed
This deals with the following issues that occured while performing
extensive testing:
- acme.sh processes got stuck forever
- PHP memory exhaustion
- PHP processes with high CPU usage