security talk & philosophizing



Crontab & Suricata Updates

From time to time, the Suricata rules you enable will have updates. It’s important to keep Suricata updated with these changes so the IDS stays current with known attack vectors. As with antivirus signatures, you want to keep the IDS rules up to date. Normally you would update the rules with a command like:

suricata-update

It’s unreasonable to do this manually every day or so. A better alternative is to set up the update as a regular automated process. You could use Puppet or another configuration-management tool, but in this case I’m going to use a crontab entry, per the video below.

In the video by “ProTechShow” below, the speaker gives a crontab rule to run Suricata updates every 6 hours. You could simply copy/paste the line below into your crontab to update the Suricata rules from your enabled sources:

0 0,6,12,18 * * * (/usr/bin/suricata-update && /usr/bin/suricatasc -c ruleset-reload-rules)

Check out his full video below, and his YT channel [https://www.youtube.com/@ProTechShow]
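As an added example (not code from this post or from the ProTechShow video), here is a small POSIX shell wrapper around that one-liner. The `&&` in the cron entry already skips the reload when suricata-update fails; what the wrapper adds is a timestamped log of every outcome (cron otherwise only mails its output, which is easy to miss when no MTA is configured), distinct exit codes for "update failed" versus "reload failed", and an idempotent installer so re-running it never duplicates the cron line. The log path, the crontab-file argument and the UPDATE_CMD/RELOAD_CMD overrides are assumptions for illustration; the two command paths and the schedule are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post or the ProTechShow video.
# Wraps the 6-hourly Suricata rule update with logging and an idempotent
# crontab installer.  UPDATE_CMD / RELOAD_CMD / LOG_FILE are assumed,
# overridable knobs (they also let the functions be exercised with
# stand-in commands such as `true`/`false`).

UPDATE_CMD="${UPDATE_CMD:-/usr/bin/suricata-update}"
RELOAD_CMD="${RELOAD_CMD:-/usr/bin/suricatasc -c ruleset-reload-rules}"
LOG_FILE="${LOG_FILE:-/var/log/suricata/rule-update.log}"

stamp() { date -u +%FT%TZ; }

# Run the rule update, then tell the running Suricata to reload its ruleset.
# Returns 0 on success, 1 if the update failed (reload skipped), 2 if the
# update succeeded but the live reload failed.
update_and_reload() {
    if ! $UPDATE_CMD >>"$LOG_FILE" 2>&1; then
        echo "$(stamp) suricata-update failed; ruleset NOT reloaded" >>"$LOG_FILE"
        return 1
    fi
    if ! $RELOAD_CMD >>"$LOG_FILE" 2>&1; then
        echo "$(stamp) ruleset reload failed (is Suricata running?)" >>"$LOG_FILE"
        return 2
    fi
    echo "$(stamp) rules updated and reloaded" >>"$LOG_FILE"
    return 0
}

# The schedule from the post: minute 0 of hours 0, 6, 12 and 18.
CRON_ENTRY='0 0,6,12,18 * * * (/usr/bin/suricata-update && /usr/bin/suricatasc -c ruleset-reload-rules)'

# Append CRON_ENTRY to the crontab file given as $1 unless it is already
# present (grep -F: fixed-string match, so the '*' and '(' are literal).
install_cron_entry() {
    crontab_file="$1"
    touch "$crontab_file"
    if grep -qF "$CRON_ENTRY" "$crontab_file"; then
        return 0    # already installed; nothing to do
    fi
    printf '%s\n' "$CRON_ENTRY" >>"$crontab_file"
}

# How many suricata-update lines a crontab file contains (checks idempotence).
count_cron_entries() {
    grep -cF '/usr/bin/suricata-update' "$1" || true
}

# Entry points when executed directly:
#   sh update-rules.sh run                 -> update + reload now (for cron)
#   sh update-rules.sh install <cronfile>  -> add the schedule to <cronfile>
case "${1:-}" in
    run)     update_and_reload ;;
    install) install_cron_entry "${2:?usage: install <crontab-file>}" ;;
esac
```

Because suricata-update writes to /var/lib/suricata/rules and suricatasc talks to Suricata's unix socket, the entry belongs in root's crontab: `crontab -l > /tmp/cron.txt; sh update-rules.sh install /tmp/cron.txt; crontab /tmp/cron.txt`. If you want the log file rather than the bare `&&` chain, point the cron line at `sh /path/to/update-rules.sh run` instead, and check the log after the first scheduled run to confirm the reload actually happened.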