Monitor Intel feeds #9659

3isenHeiM · 2023-01-27T14:22:52Z

3isenHeiM
Jan 27, 2023

Is there a feature where SecurityOnion will alert me if it couldn't connect and updates the signatures ?
Especially for custom industry-specific feeds, it's important to know if your detection rules are still up-to-date.

Thanks !

Answered by InfosecGoon

Jan 31, 2023

I believe the Suricata container restarts whenever new rules are loaded -- would a Grafana alert that fires when so-suricata is more than X hours of uptime be high-fidelity enough for this?

View full answer

InfosecGoon · 2023-01-31T15:03:48Z

InfosecGoon
Jan 31, 2023

I believe the Suricata container restarts whenever new rules are loaded -- would a Grafana alert that fires when so-suricata is more than X hours of uptime be high-fidelity enough for this?

1 reply

3isenHeiM Jan 31, 2023
Author

The only corner case I see here is if no updates is available, the container will fetch but not restart...

Anyway thanks for the hint it seems reasonable good enough.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Monitor Intel feeds #9659

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Monitor Intel feeds #9659

Uh oh!

3isenHeiM Jan 27, 2023

Replies: 1 comment · 1 reply

Uh oh!

InfosecGoon Jan 31, 2023

Uh oh!

Uh oh!

3isenHeiM Jan 31, 2023 Author

3isenHeiM
Jan 27, 2023

Replies: 1 comment 1 reply

InfosecGoon
Jan 31, 2023

3isenHeiM Jan 31, 2023
Author