Re: Automation tools to manage NIDS servers?

[Jaime Nebrera <jnebrera () redborder org>]

Hi Brian,

If you want to manage a big sensor base and don't mind to work from CLI and
text files either Chef or Puppet or Salt or any of those is a great choice

If you want to view events, the most popular at this moment would be Snorby
but has significant scalability issues

Tools like Security Onion combine many of this in a ready to go system, in
particular I believe they use Snorby for event management and Salt for
configuration.

But all this tools lack enterprise type requirements (user roles, auditing,
hierarchical environments, etc) and lack a powerful policy or rule
management system

Please, allow me to suggest our project, redBorder.net / org. Originally
based in Snorby, has been enhanced since early days to fully replace it's
code base with big data technology.

In essence, we store events in Hadoop and an OLAP engine after processing
them through an Apache Kafka service bus. While not available yet, we are
working on an intelligence layer based on Apache Storm for data enrichment,
mining and correlation

Probe management is done through an underlying Chef system, but is fully
Web based. There is also a very powerful policy management system

At this moment is limited to manage our own probes only but we are working
on a more general release able to manage any barnyard2 / snort type rules
environment (this includes Suricata for example)

I hope Community release will be made public in about two weeks. Current
public code base is SQL based and honestly, has nothing to compare to
current codebase. I strongly suggest waiting those two weeks.

Community release is fully open source (Affero GPL) and available for free.
I'm not going to discuss in this list about the Enterprise release.

We really hope this project will foster a great open source intelligence
community alongside Snort.

Regards
El 29/01/2015 18:50, "Bryan Arenal" <b.arenal () gmail com> escribió:

> Hi,
>
> I was wondering what automation tools people use to manage their NIDS
> servers.  My group uses puppet for other types of boxes but I haven't
> used it for my boxes.
>
> Before I go down that path, I was just curious if there's something
> better that others prefer.
>
> Thanks for any suggestions!
>
> Bryan
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!