[Snort-users] Automation tools to manage NIDS servers?
jnebrera at ...16842...
Sat Jan 31 11:56:17 EST 2015
Sorry but my paragraph
But all these tools lack enterprise type requirements (user roles, auditing,
hierarchical environments, etc) and lack a powerful policy or rule
Should have been
But all these tools lack enterprise type requirements like user roles,
auditing, hierarchical environments, etc and lack a powerful policy or rule
The () was misplaced and the meaning could be misunderstood.
I didn't intend to state they lack enterprise features, nor that they are
not used in enterprise, but that they lack those specific enterprise
Hope this clarifies. Sorry for the misunderstanding.
On 31/01/2015 15:28, "Jaime Nebrera" <jnebrera at ...16842...> wrote:
> Hi Brian,
> If you want to manage a big sensor base and don't mind working from CLI
> and text files either Chef or Puppet or Salt or any of those is a great
> If you want to view events, the most popular at this moment would be
> Snorby but has significant scalability issues
> Tools like Security Onion combine many of these in a ready to go system, in
> particular I believe they use Snorby for event management and Salt for
> But all these tools lack enterprise type requirements (user roles,
> auditing, hierarchical environments, etc) and lack a powerful policy or
> rule management system
> Please, allow me to suggest our project, redBorder.net / org. Originally
> based on Snorby, it has been enhanced since early days to fully replace its
> code base with big data technology.
> In essence, we store events in Hadoop and an OLAP engine after processing
> them through an Apache Kafka service bus. While not available yet, we are
> working on an intelligence layer based on Apache Storm for data enrichment,
> mining and correlation
> Probe management is done through an underlying Chef system, but is fully
> Web based. There is also a very powerful policy management system
> At this moment it is limited to managing our own probes only but we are working
> on a more general release able to manage any barnyard2 / snort type rules
> environment (this includes Suricata for example)
> I hope Community release will be made public in about two weeks. Current
> public code base is SQL based and honestly, has nothing to compare to
> current codebase. I strongly suggest waiting those two weeks.
> Community release is fully open source (Affero GPL) and available for
> free. I'm not going to discuss in this list about the Enterprise release.
> We really hope this project will foster a great open source intelligence
> community alongside Snort.
> On 29/01/2015 18:50, "Bryan Arenal" <b.arenal at ...11827...> wrote:
>> I was wondering what automation tools people use to manage their NIDS
>> servers. My group uses puppet for other types of boxes but I haven't
>> used it for my boxes.
>> Before I go down that path, I was just curious if there's something
>> better that others prefer.
>> Thanks for any suggestions!