[Oisf-users] Automate Suricata.yaml file settings

Alan Wanderley dos Santos alan.santos at rnp.br
Fri Jun 12 12:52:34 UTC 2015


Hi all,

Maybe I used bad expressions to send my message.

Building our own scripts is used for configuration AND other specific things related to our project.

Anyway, it is very nice to get knowledge about the other options.

To contextualize, I'm working on a distributed sensor infrastructure. For management, I build a web GUI where it is possible to deploy new rules and config updates on each Suricata instance.

Take a look at the working mode:

admin -> posts new rules or configs on the master server (with web-gui).
engines (Suricata instances) -> connect to the master and get all updates.
engines use scripts to get and parse data.

There is other info between master and engines.

Reading all these mails I'm convinced that Ansible or Puppet would do the job. But, in the web-gui, we intend to get reports and a lot of specific things. My option is to centralize all tasks about managing sensors in a single place (web-gui).

Thanks all!

Learning a lot :)

Best Regards,

-----------------------------------------------
Alan Santos
Security Analyst
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br

----- Original message -----
From: "David" <lists at edeca.net>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, June 11, 2015 19:38:30
Subject: Re: [Oisf-users] Automate Suricata.yaml file settings

On 11/06/2015 18:43, Alan Wanderley dos Santos wrote:
> Anyway, we use our own scripts because we have specific networks on each
> instance, so, the HOME_NET (and others) variable is custom for each
> customer. I think that is important for better assertiveness in matching
> rules.

You can roll out custom attributes with any configuration management system.

We use chef to distribute suricata configuration (and firewall, custom
services, etc).  HOME_NET and various variables are set on a per-host
basis where required.

David