Tool to manage rules

Hi all!

Do you know if there is an open source tool to manage the rules installed on several probes, like Scirius by Eric Leblond (@Regit)?
I don’t need such a sophisticated tool. I just need an open source tool with a very simple web interface to manage rules.

Thank you

Hi! Have a look at suricata-update.
https://suricata-update.readthedocs.io/en/latest/index.html

Is it common to use suricata-update via Saltstack across multiple sensors, assuming that all rules are the same across the fleet of sensors managed via Saltstack?

There's no method to be selective as to which sensors receive a subset of rules compared to others?

Cheers,
Nathan

I’ve heard of use cases where suricata-update is run in a single location, and then the output is distributed with Ansible. I assume that is equally applicable to Saltstack as well.

Thank you for your answers.

I don’t know SaltStack. I’ll dig into it.

In fact, I would like to propose a tool that allows analysts to list, modify / delete, and add rules via a web interface to simplify things.
In addition, each probe can have different rules.

If there is no open source solution that covers this need, maybe I’ll think about doing it and present it to you next year in Boston :wink: