Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

Issue related to suricata rules not updating in security onion without so-rule-update #11156

Closed mayukandale96 closed 1 year ago

mayukandale96 commented 1 year ago

Hi, I have one environment where I have one Security Onion 170 machine. On that I have the so-suricata docker. If I have added new rules to Suricata, then to reflect that rule inside the docker I need to manually do so-rule-update, which in turn restarts the so-suricata docker, which may be unnecessary as mentioned in the discussion link below: https://github.com/Security-Onion-Solutions/securityonion/discussions/5330

In that link they have mentioned that for the Suricata service only doing "systemctl reload suricata (ExecReload=/bin/kill -USR2 $MAINPID)" works as expected. It will reload Suricata rules without restarting the whole service and other background processes. I want to do the same with my so-suricata docker, but I am not sure how. I think in the above link it is mentioned that the Security Onion team is integrating the same command with the so-suricata docker. I want to know some steps related to this: how can we do that? Please help me with that as soon as possible.

Thanks.
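The signal-based reload the post refers to can be driven from the host with a small script and, more importantly, verified rather than assumed. The following is an added example and not Security Onion's own tooling or the project's so-rule-update script. It assumes the container is named so-suricata (as in the post), that Suricata is PID 1 inside that container so that `docker kill --signal` reaches it, and that Suricata prints "rule reload complete" when a USR2 reload finishes; the log wording and the sample log lines are assumptions, so adjust the patterns to what your Suricata version actually prints.

```sh
#!/bin/sh
# Added example: trigger a Suricata rule reload by signal and confirm it.
# Not Security Onion's own code. Assumptions: container name so-suricata,
# Suricata runs as PID 1 in the container, and the reload log wording below.

CONTAINER="${CONTAINER:-so-suricata}"

# Build the reload command. SIGUSR2 asks Suricata to re-read its rule files
# in place; the engine keeps running, so no traffic is missed by a restart.
# docker kill --signal delivers to PID 1 only; if Suricata is not PID 1,
# use `docker exec <name> kill -USR2 <pid>` instead.
reload_cmd() {
    printf 'docker kill --signal=SIGUSR2 %s\n' "$1"
}

# Read Suricata log lines on stdin and print one word:
#   complete - a reload finished
#   started  - the signal was seen but no completion message (check for errors)
#   none     - nothing happened (wrong PID, wrong container, or signal ignored)
reload_status() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'rule reload complete'; then
        echo complete
    elif printf '%s\n' "$log" | grep -q 'Signal Received'; then
        echo started
    else
        echo none
    fi
}

# Live path: send the signal, wait, then inspect only log lines written
# since the signal. If Suricata logs to a file rather than stdout, pipe
# that file's tail into reload_status instead of docker logs.
run_reload() {
    name="$1"
    since=$(date -u +%Y-%m-%dT%H:%M:%S)
    eval "$(reload_cmd "$name")"
    sleep 5
    docker logs --since "$since" "$name" 2>&1 | reload_status
}

# Constructed sample log lines (assumed wording) for an offline demo.
SAMPLE_LOG='<Notice> - Signal Received. Reloading Tags and Rules
<Info> - 2 rule files processed. 41234 rules successfully loaded, 0 rules failed
<Notice> - rule reload complete'

demo() {
    printf '%s\n' "$SAMPLE_LOG" | reload_status
}

case "${1:-}" in
    run) run_reload "$CONTAINER" ;;   # ./reload.sh run   (needs docker)
    *)   demo ;;                      # ./reload.sh       (offline demo)
esac
```

The point of `reload_status` is that a signal that lands on the wrong process is silently ignored; a reload should therefore be treated as done only when the completion line appears, and a "started" result with no completion is the cue to look at the rule-parse errors in the same log.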

dougburks commented 1 year ago

Instead of creating an issue, please start a new discussion: https://securityonion.net/discuss