[Oisf-users] Suricata rule deployment

Saxena, Samiksha samiksha.saxena at verizon.com
Thu Jul 16 17:23:11 UTC 2015


Can I use Puppet/Ansible to install rules on a central server and then push them with a script, or just copy the rules to each Suricata instance?


From: Alan Wanderley dos Santos <alan.santos at rnp.br>
Date: Tuesday, July 14, 2015 at 8:35 AM
To: "Saxena, Samiksha" <samiksha.saxena at one.verizon.com>
Cc: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] Suricata rule deployment

Hi,

I built a master server with a web GUI interface, so it is possible to deploy rule updates (.tar.gz files) through this web GUI. The engines have a shell script that downloads and deploys them on each Suricata instance. We chose to do it that way for several reasons:

* We have some particular rules, and there are rules with "false positives" (I don't know if this is the best word).
* To make the deploy process user-friendly.
* We don't have control over the Suricata instances. Each admin has control (user-level) over their own instance.

Sorry for my English mistakes.

Best Regards,

-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br

________________________________
From: "Saxena, Samiksha" <samiksha.saxena at verizon.com>
To: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Sent: Friday, July 10, 2015 17:06:04
Subject: [Oisf-users] Suricata rule deployment

Hi,

I have a question about pushing Suricata rules. I am thinking of using Oinkmaster to install rules. Is there a way to have a centralized server install all the rules and distribute them to all the Suricata instances?

Thanks

_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
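
The per-sensor deploy step described in the quoted reply (a shell script that takes a .tar.gz rule bundle from the master and installs it), as an added example that is not part of the original thread or anyone's actual script. It assumes the master publishes a SHA-256 digest alongside each bundle and that the bundle has already been fetched to a local file; `deploy_rules`, `VALIDATE_CMD` and all paths are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: verify, stage, validate and swap in a rule bundle on one sensor.

# deploy_rules TARBALL EXPECTED_SHA256 RULES_DIR
# Returns 0 on success; on any failure the live RULES_DIR is left untouched.
deploy_rules() {
    local tarball="$1" expected="$2" rules_dir="$3" actual staging members

    # 1. Integrity: the digest must match the one published by the master.
    actual=$(sha256sum "$tarball" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 2
    fi

    # 2. Refuse archives whose member names are absolute or contain '..'.
    members=$(tar -tzf "$tarball") || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2
        return 3
    fi

    # 3. Unpack next to the live directory so the final rename stays on
    #    one filesystem; never restore ownership stored in the archive.
    staging=$(mktemp -d "${rules_dir}.new.XXXXXX") || return 1
    if ! tar -xzf "$tarball" -C "$staging" --no-same-owner; then
        rm -rf "$staging"; return 1
    fi
    chmod 0755 "$staging"   # mktemp creates 0700; the IDS user must read it

    # 4. Validate before going live. VALIDATE_CMD gets the staging path as
    #    its argument; on a sensor it would wrap a `suricata -T` test run
    #    (assumption). Default is a no-op so the function runs anywhere.
    if ! ${VALIDATE_CMD:-true} "$staging"; then
        echo "validation failed, keeping current rules" >&2
        rm -rf "$staging"; return 4
    fi

    # 5. Swap, keeping the previous rule set as .old for rollback.
    rm -rf "${rules_dir}.old"
    [ -d "$rules_dir" ] && mv "$rules_dir" "${rules_dir}.old"
    mv "$staging" "$rules_dir"
}
```

A running Suricata still has to reload its rules after the swap before the new set takes effect.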