[Oisf-users] Automate Suricata.yaml file settings

Jacob King jake at hootsuite.com
Thu Jun 11 17:00:07 UTC 2015


Hey guys,

We use Ansible <http://www.ansible.com/home> for our deployment and rule
management with Suricata, and it has proved excellent for our needs.

one of my Co-Op students wrote a blog post on how you can use Ansible to
deploy the same configuration and customized rules to a bunch of IDS hosts,
simply by adding the hosts to the Ansible inventory.

http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/

Checkout the link, and fee free to email me if you would like help with
using Ansible to manage Suricata deploys + config files.

Jake.




On Thu, Jun 11, 2015 at 9:37 AM, Alan Wanderley dos Santos <
alan.santos at rnp.br> wrote:

> Hi,
>
> If tha configs will be the same for all instances, i think that puppet
> work's fine for this. Other option is de CFEngine.
>
> In our project, i'm bulding my own scripts to do the automatic updates on
> suricatas file's conf.
>
> We choose that way because we have some particulars configs on each
> suricata instance.
>
> PS: sorry for my english mistakes.
>
> Regards,
>
> -----------------------------------------------
> Alan Santos
> Analista de Segurança
> Centro de Atendimento a Incidentes de Segurança (CAIS)
> Rede Nacional de Ensino e Pesquisa (RNP)
> (19) 3787-3314 | alan.santos at rnp.br
>
> ------------------------------
> *De: *"Saxena, Samiksha" <samiksha.saxena at verizon.com>
> *Para: *oisf-users at lists.openinfosecfoundation.org
> *Enviadas: *Quinta-feira, 11 de junho de 2015 12:32:47
> *Assunto: *[Oisf-users] Automate Suricata.yaml file settings
>
> Hi,
>
> I have multiple suricata instances running on different servers. Is there
> a way I can automate the suricata configuration on all the servers at once?
> Also, how can I apply the same configuration on all suricata instances?
>
> Thanks
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150611/cc366545/attachment-0002.html>


More information about the Oisf-users mailing list