Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Hi,
I have one environment where I have one Security Onion 170 machine. On that I have the so-suricata docker.
If I have added new rules to Suricata, then to reflect that rule inside the docker I need to manually do so-rule-update.
Which in turn restarts the so-suricata docker, which may be unnecessary,
as mentioned in the discussion link below:
https://github.com/Security-Onion-Solutions/securityonion/discussions/5330
In that link they have mentioned that for the suricata service, only doing "systemctl reload suricata (ExecReload=/bin/kill -USR2 $MAINPID)"
works as expected.
It will reload Suricata rules without restarting the whole service and other background processes.
I want to do the same with my so-suricata docker.
But I am not sure how to do it.
I think in the above link it is mentioned that the Security Onion team is integrating the same command with the so-suricata docker.
I want to know some steps related to this. How can we do that?
Please help me with that as soon as possible.
Thanks.
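The reload the post describes, applied to a container, as an added example (not Security Onion's own tooling and not from the linked discussion). It assumes the container is named `so-suricata`, that Suricata is the container's main process so `docker kill --signal=USR2` reaches it (the container-side equivalent of the `kill -USR2 $MAINPID` ExecReload quoted above), and that Suricata writes a line containing "rule reload" to its log when the reload finishes; the `DRY_RUN` switch, the function names and the log wording are this example's assumptions. It sends the signal only if the container is running, then checks the container log for the reload notice instead of assuming success.

```shell
#!/bin/sh
# Added example: reload Suricata rules in place inside a running container
# by sending SIGUSR2 to its main process, then confirm via the container log.
# Assumptions (not from the post): container name so-suricata, Suricata is
# PID 1 in the container, and a "rule reload" notice appears in its log.
# DRY_RUN=1 prints the docker command instead of executing it.

CONTAINER="${CONTAINER:-so-suricata}"

# Build the command that delivers SIGUSR2 to the container's main process.
reload_cmd() {
  printf 'docker kill --signal=USR2 %s' "$1"
}

# Exit 0 if the container is running (always 0 in dry-run mode), 1 otherwise.
container_running() {
  [ "${DRY_RUN:-0}" = "1" ] && return 0
  docker inspect -f '{{.State.Running}}' "$1" 2>/dev/null | grep -q true
}

# Send the reload signal and look for the reload notice in recent log output.
# Prints the command in dry-run mode; returns non-zero if the container is
# not running or the signal could not be delivered.
reload_rules() {
  c="$1"
  if ! container_running "$c"; then
    echo "container $c is not running; nothing to reload" >&2
    return 1
  fi
  cmd=$(reload_cmd "$c")
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$cmd"
    return 0
  fi
  $cmd || return 1
  # Give Suricata a moment to finish, then check for the reload notice
  # (assumed log wording) rather than trusting that the signal did the job.
  sleep 2
  if ! docker logs --since 15s "$c" 2>&1 | grep -qi 'rule reload'; then
    echo "no reload notice seen yet; check the Suricata log in the container" >&2
  fi
}

# Only act when explicitly asked, so sourcing this file has no side effects.
if [ "${RUN_RELOAD:-0}" = "1" ]; then
  reload_rules "$CONTAINER"
fi
```

Run it with `RUN_RELOAD=1 sh reload-suricata.sh` after the new rule files are in place; `DRY_RUN=1 RUN_RELOAD=1 sh reload-suricata.sh` shows the command without sending the signal. Note that a signal-based reload only picks up rule files the running Suricata process already reads; if so-rule-update also rewrites the container's configuration or the files it mounts, that part still requires the restart the post wants to avoid.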