[Oisf-users] Suricata rule deployment

Alan Wanderley dos Santos alan.santos at rnp.br
Tue Jul 14 12:35:14 UTC 2015


I made a master server with a web GUI interface. So it is possible to deploy rule updates (.tar.gz files) on this web GUI. The engines have a shell script that downloads and deploys them on each Suricata instance. We chose to do it that way for a few reasons:

* We have some particular rules, and there are rules with "false positives" (I don't know if this is the best word).
* To make the deploy process user-friendly.
* We don't have control over the Suricata instances. Each admin has control (user-level) over their own instance.

Sorry for my English mistakes.

Best Regards, 

Alan Santos 
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP) 
(19) 3787-3314 | alan.santos at rnp.br 

From: "Saxena, Samiksha" <samiksha.saxena at verizon.com>
To: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Sent: Friday, July 10, 2015 17:06:04
Subject: [Oisf-users] Suricata rule deployment


I have a question about Suricata rules push. I am thinking of using Oinkmaster to install rules. Is there a way to have a centralized server to install all the rules and distribute them to all the Suricata instances?


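The pull-and-deploy flow described in the reply above, as an added example; it is not the script from the thread or code from the Suricata project. It assumes the master server publishes a SHA-256 digest alongside each .tar.gz over a trusted channel; the URL, directory paths, config path and function names are all hypothetical.

```shell
# Added example: engine-side pull script. URL, paths and function names are assumptions.

# Compare the archive's SHA-256 with the digest published by the master server.
verify_sha256() {  # $1=file  $2=expected hex digest
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Succeed only if no member name on stdin is absolute or has a ".." component.
names_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

archive_is_safe() {  # $1=tarball
    members=$(tar -tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$members" | names_are_safe
}

# Hook: syntax-check staged rules with "suricata -T" before they go live.
# Assumes *.rules files at the archive's top level and the default config path.
validate_rules() {  # $1=staging directory
    for f in "$1"/*.rules; do
        suricata -T -c /etc/suricata/suricata.yaml -S "$f" >/dev/null 2>&1 || return 1
    done
}

# Verify, extract into a staging directory, validate, then swap into place.
stage_rules() {  # $1=tarball  $2=expected sha256  $3=live rules directory
    verify_sha256 "$1" "$2" || { echo "checksum mismatch" >&2; return 1; }
    archive_is_safe "$1" || { echo "unsafe member path" >&2; return 1; }
    staging=$(mktemp -d "$3.new.XXXXXX") || return 1
    if tar -xzf "$1" -C "$staging" --no-same-owner && validate_rules "$staging"; then
        chmod 755 "$staging"
        rm -rf "$3.old"
        if [ -d "$3" ]; then mv "$3" "$3.old"; fi
        mv "$staging" "$3"
    else
        rm -rf "$staging"
        echo "rules rejected, live set unchanged" >&2
        return 1
    fi
}

# Pull the archive from the master server, then stage it.
deploy_rules() {  # $1=archive URL  $2=expected sha256  $3=live rules directory
    tmp=$(mktemp) || return 1
    curl -fsS -o "$tmp" "$1" && stage_rules "$tmp" "$2" "$3"
    rc=$?; rm -f "$tmp"; return "$rc"
}
```

A rejected archive leaves the live rule directory untouched, and the previous set is kept as `<dir>.old` for rollback; reloading the engine after a successful swap is left to the instance admin.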