Hello everyone!
I am trying to enable an additional ruleset using suricata-update
as described in the documentation. For instance, following the official guide to enable the OISF TrafficID ruleset, I am running the following commands:
sudo suricata-update update-sources
sudo suricata-update enable-source oisf/trafficid
sudo suricata-update
However, when I run suricata-update, I get the message:
No sources configured, will use Emerging Threats Open
And it only loads rules from Emerging Threats Open, ignoring the one I tried to enable.
I verified the enabled sources using:
suricata-update list-sources --enabled
and oisf/trafficid appears in the list.
Environment details:
- Suricata version: 7.0.10
- suricata-update version: 1.3.4
- Operating system: Ubuntu Server 24.04 LTS
- Suricata was installed from the ppa:oisf/suricata-stable repository
Am I missing something? How can I properly enable and load additional rule sources?
Also, does anyone know of any community-maintained rulesets for services like Ruby on Rails, Ingress-NGINX, PostgreSQL, and Grafana?
Thanks in advance!