Snort mailing list archives
Re: Automation tools to manage NIDS servers?
From: Jaime Nebrera <jnebrera () redborder org>
Date: Sat, 31 Jan 2015 17:56:17 +0100
Hi again,

Sorry, but my paragraph

But all these tools lack enterprise type requirements (user roles, auditing, hierarchical environments, etc) and lack a powerful policy or rule management system

should have been

But all these tools lack enterprise type requirements like user roles, auditing, hierarchical environments, etc and lack a powerful policy or rule management system

The () was misplaced and the meaning could be misunderstood.

I didn't intend to state they lack enterprise features, nor that they are not used in enterprise, but that they lack those specific enterprise features.

Hope this clarifies. Sorry for the misunderstanding.

On 31/01/2015 15:28, "Jaime Nebrera" <jnebrera () redborder org> wrote:
Hi Brian,

If you want to manage a big sensor base and don't mind working from the CLI and text files, either Chef or Puppet or Salt or any of those is a great choice.

If you want to view events, the most popular at this moment would be Snorby, but it has significant scalability issues.

Tools like Security Onion combine many of these in a ready to go system; in particular I believe they use Snorby for event management and Salt for configuration.

But all these tools lack enterprise type requirements (user roles, auditing, hierarchical environments, etc) and lack a powerful policy or rule management system.

Please, allow me to suggest our project, redBorder.net / org. Originally based on Snorby, it has been enhanced since early days to fully replace its code base with big data technology. In essence, we store events in Hadoop and an OLAP engine after processing them through an Apache Kafka service bus. While not available yet, we are working on an intelligence layer based on Apache Storm for data enrichment, mining and correlation.

Probe management is done through an underlying Chef system, but is fully Web based. There is also a very powerful policy management system.

At this moment it is limited to managing our own probes only, but we are working on a more general release able to manage any barnyard2 / snort type rules environment (this includes Suricata for example).

I hope the Community release will be made public in about two weeks. The current public code base is SQL based and honestly, has nothing to compare to the current codebase. I strongly suggest waiting those two weeks.

The Community release is fully open source (Affero GPL) and available for free. I'm not going to discuss the Enterprise release on this list.

We really hope this project will foster a great open source intelligence community alongside Snort.

Regards

On 29/01/2015 18:50, "Bryan Arenal" <b.arenal () gmail com> wrote:

Hi,

I was wondering what automation tools people use to manage their NIDS servers. My group uses puppet for other types of boxes but I haven't used it for my boxes. Before I go down that path, I was just curious if there's something better that others prefer.

Thanks for any suggestions!

Bryan

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Automation tools to manage NIDS servers? Bryan Arenal (Jan 29)
- Re: Automation tools to manage NIDS servers? Doug Burks (Jan 29)
- Re: Automation tools to manage NIDS servers? Bryan Arenal (Jan 29)
- Re: Automation tools to manage NIDS servers? Jaime Nebrera (Jan 31)
- Re: Automation tools to manage NIDS servers? Jaime Nebrera (Jan 31)
- Re: Automation tools to manage NIDS servers? Doug Burks (Jan 29)