[Oisf-users] Automate Suricata.yaml file settings

Saxena, Samiksha samiksha.saxena at verizon.com
Fri Jun 12 13:52:17 UTC 2015


Does Ansible or Puppet work with IPS?


On 6/12/15, 3:21 AM, "Peter Manev" <petermanev at gmail.com> wrote:

>On Thu, Jun 11, 2015 at 7:00 PM, Jacob King <jake at hootsuite.com> wrote:
>> Hey guys,
>>
>> We use Ansible for our deployment and rule management with Suricata, and it
>> has proved excellent for our needs.
>>
>
>+1 for Ansible and Python
>
>> One of my Co-Op students wrote a blog post on how you can use Ansible to
>> deploy the same configuration and customized rules to a bunch of IDS hosts,
>> simply by adding the hosts to the Ansible inventory.
>>
>> http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/
>>
>> Check out the link, and feel free to email me if you would like help with
>> using Ansible to manage Suricata deploys + config files.
>>
>> Jake.
>>
>>
>>
>>
>> On Thu, Jun 11, 2015 at 9:37 AM, Alan Wanderley dos Santos
>> <alan.santos at rnp.br> wrote:
>>>
>>> Hi,
>>>
>>> If the configs will be the same for all instances, I think that Puppet
>>> works fine for this. Another option is CFEngine.
>>>
>>> In our project, I'm building my own scripts to do the automatic updates
>>> on Suricata's conf files.
>>>
>>> We choose that way because we have some particular configs on each
>>> Suricata instance.
>>>
>>> PS: sorry for my english mistakes.
>>>
>>> Regards,
>>>
>>> -----------------------------------------------
>>> Alan Santos
>>> Security Analyst
>>> Centro de Atendimento a Incidentes de Segurança (CAIS)
>>> Rede Nacional de Ensino e Pesquisa (RNP)
>>> (19) 3787-3314 | alan.santos at rnp.br
>>>
>>> ________________________________
>>> From: "Saxena, Samiksha" <samiksha.saxena at verizon.com>
>>> To: oisf-users at lists.openinfosecfoundation.org
>>> Sent: Thursday, June 11, 2015 12:32:47
>>> Subject: [Oisf-users] Automate Suricata.yaml file settings
>>>
>>> Hi,
>>>
>>> I have multiple suricata instances running on different servers. Is there
>>> a way I can automate the suricata configuration on all the servers at once?
>>> Also, how can I apply the same configuration on all suricata instances?
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> Suricata User Conference November 4 & 5 in Barcelona:
>>> http://oisfevents.net
>>
>
>
>
>-- 
>Regards,
>Peter Manev



