Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Reference: https://www.reddit.com/r/securityonion/comments/hv9xjw/20_suricata_rule_never_be_updated_by_cron_job/
so-rule-update
works fine when run interactively. However, when running from cron job,/opt/so/log/idstools/download.log
shows:We need to change docker options so that it doesn't require an interactive TTY.