[Oisf-users] Automate Suricata.yaml file settings
Alan Wanderley dos Santos
alan.santos at rnp.br
Thu Jun 11 17:43:54 UTC 2015
Hi Jacob,
Very interesting post.
I found this link with a comparison of open source configuration management software:
http://en.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software
Anyway, we use our own scripts because we have specific networks on each instance, so the HOME_NET variable (and others) is custom for each customer. I think that is important for better assertiveness in matching rules.
Best regards,
-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br
From: "Jacob King" <jake at hootsuite.com>
To: "Alan Wanderley dos Santos" <alan.santos at rnp.br>
Cc: "Saxena, Samiksha" <samiksha.saxena at verizon.com>, oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, June 11, 2015 14:00:07
Subject: Re: [Oisf-users] Automate Suricata.yaml file settings
Hey guys,
We use Ansible for our deployment and rule management with Suricata, and it has proved excellent for our needs.
One of my co-op students wrote a blog post on how you can use Ansible to deploy the same configuration and customized rules to a bunch of IDS hosts, simply by adding the hosts to the Ansible inventory.
http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/
Check out the link, and feel free to email me if you would like help with using Ansible to manage Suricata deploys + config files.
Jake.
On Thu, Jun 11, 2015 at 9:37 AM, Alan Wanderley dos Santos < alan.santos at rnp.br > wrote:
Hi,
If the configs will be the same for all instances, I think that Puppet works fine for this. Another option is CFEngine.
In our project, I'm building my own scripts to do the automatic updates on Suricata's conf files.
We chose that way because we have some particular configs on each Suricata instance.
PS: Sorry for my English mistakes.
Regards,
-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br
From: "Saxena, Samiksha" < samiksha.saxena at verizon.com >
To: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, June 11, 2015 12:32:47
Subject: [Oisf-users] Automate Suricata.yaml file settings
Hi,
I have multiple Suricata instances running on different servers. Is there a way I can automate the Suricata configuration on all the servers at once? Also, how can I apply the same configuration on all Suricata instances?
Thanks
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net