[Oisf-users] Automate Suricata.yaml file settings

Peter Manev petermanev at gmail.com
Fri Jun 12 07:21:10 UTC 2015


On Thu, Jun 11, 2015 at 7:00 PM, Jacob King <jake at hootsuite.com> wrote:
> Hey guys,
>
> We use Ansible for our deployment and rule management with Suricata, and it
> has proved excellent for our needs.
>

+1 for Ansible and Pyhton

> one of my Co-Op students wrote a blog post on how you can use Ansible to
> deploy the same configuration and customized rules to a bunch of IDS hosts,
> simply by adding the hosts to the Ansible inventory.
>
> http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/
>
> Checkout the link, and fee free to email me if you would like help with
> using Ansible to manage Suricata deploys + config files.
>
> Jake.
>
>
>
>
> On Thu, Jun 11, 2015 at 9:37 AM, Alan Wanderley dos Santos
> <alan.santos at rnp.br> wrote:
>>
>> Hi,
>>
>> If tha configs will be the same for all instances, i think that puppet
>> work's fine for this. Other option is de CFEngine.
>>
>> In our project, i'm bulding my own scripts to do the automatic updates on
>> suricatas file's conf.
>>
>> We choose that way because we have some particulars configs on each
>> suricata instance.
>>
>> PS: sorry for my english mistakes.
>>
>> Regards,
>>
>> -----------------------------------------------
>> Alan Santos
>> Analista de Segurança
>> Centro de Atendimento a Incidentes de Segurança (CAIS)
>> Rede Nacional de Ensino e Pesquisa (RNP)
>> (19) 3787-3314 | alan.santos at rnp.br
>>
>> ________________________________
>> De: "Saxena, Samiksha" <samiksha.saxena at verizon.com>
>> Para: oisf-users at lists.openinfosecfoundation.org
>> Enviadas: Quinta-feira, 11 de junho de 2015 12:32:47
>> Assunto: [Oisf-users] Automate Suricata.yaml file settings
>>
>> Hi,
>>
>> I have multiple suricata instances running on different servers. Is there
>> a way I can automate the suricata configuration on all the servers at once?
>> Also, how can I apply the same configuration on all suricata instances?
>>
>> Thanks
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net



-- 
Regards,
Peter Manev



More information about the Oisf-users mailing list