[Oisf-users] Suricata rule deployment

Saxena, Samiksha samiksha.saxena at verizon.com
Mon Jul 13 14:34:30 UTC 2015


Thanks Cooper for the reply.
So, can I have one central server which can download all the rules every
night from the internet and push the rules to all Suricata instances?



On 7/10/15, 4:15 PM, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:

>
>There are lots of ways to do this, but keep in mind it breaks the
>license agreement of the vendors that provide premium signatures.  Make
>sure you are paying for a license per sensor.
>
>Anyways, you can easily have a cron job that keeps a local copy of the
>tar.gz file in sync and then use oinkmaster on each host to pull that
>copy as per the example in the conf file:
>
>> # Example to use scp to copy the rules archive from another host.
>> # Only OpenSSH is tested. See the FAQ for more information.
>> # url = scp://user@somehost.example.com:/somedir/snortrules.tar.gz
>
>Or, you can have a 'master' sensor and use rsync to keep all the other
>sensors in sync with it.
>
>-Coop
>
>On 7/10/2015 1:06 PM, Saxena, Samiksha wrote:
>> Hi, 
>> 
>> I have a question about Suricata rules push. I am thinking of using
>> Oinkmaster to install rules. Is there a way to have a centralized server
>> to install all the rules and distribute to all the Suricata instances?
>> 
>> Thanks
>> 
>> 
>
>
>-- 
>Cooper Nelson
>Network Security Analyst
>UCSD ACT Security Team
>cnelson at ucsd.edu x41042
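
Added example, not part of the original thread: one way to script the central-host step Cooper describes (a cron job keeping a local copy of the tar.gz that each sensor pulls with oinkmaster over scp), extended to check the archive before publishing so a bad download is not handed to every sensor. The function name, paths, exit codes and the way the expected SHA-256 digest is obtained are assumptions; sha256sum and a gzip-capable tar are assumed to be installed.

```shell
#!/bin/sh
# Added example (hypothetical names and paths), meant to be called from the
# nightly cron job on the central host after the download step, e.g.:
#   publish_rules /var/tmp/rules-download.tar.gz "$EXPECTED_SHA256" /somedir
# Sensors then pull the published copy with the oinkmaster.conf line from the thread:
#   url = scp://user@somehost.example.com:/somedir/snortrules.tar.gz

# publish_rules ARCHIVE EXPECTED_SHA256 PUBLISH_DIR
# Returns 0 on success, 2 digest mismatch, 3 unreadable archive,
# 4 unsafe member path, 5 no .rules files, 6 publish failure.
publish_rules() {
    archive=$1; expected=$2; dest_dir=$3

    # 1. Integrity: the digest must match a value obtained separately
    #    from the download itself (assumption: the operator has one).
    actual=$(sha256sum "$archive" 2>/dev/null | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch: $archive" >&2; return 2
    fi

    # 2. Structure: must list cleanly as a gzip-compressed tar.
    members=$(tar -tzf "$archive" 2>/dev/null) || {
        echo "not a readable tar.gz: $archive" >&2; return 3; }

    # 3. No absolute paths or ../ components, since every sensor will
    #    unpack this archive.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2; return 4
    fi

    # 4. An archive without rule files would silently empty the sensors.
    printf '%s\n' "$members" | grep -q '\.rules$' || {
        echo "no .rules files in $archive" >&2; return 5; }

    # 5. Atomic publish: write a temp file in the same directory, then
    #    rename, so a sensor never copies a half-written archive.
    tmp=$(mktemp "$dest_dir/.snortrules.XXXXXX") || return 6
    cp "$archive" "$tmp" && chmod 0644 "$tmp" &&
        mv -f "$tmp" "$dest_dir/snortrules.tar.gz" || { rm -f "$tmp"; return 6; }
}
```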
