Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
dougburks
commented
4 years ago
Reference: https://www.reddit.com/r/securityonion/comments/hv9xjw/20_suricata_rule_never_be_updated_by_cron_job/
so-rule-updateworks fine when run interactively. However, when running from cron job,/opt/so/log/idstools/download.logshows:We need to change docker options so that it doesn't require an interactive TTY.