[Bro] distributing Intel feeds using Salt

Kellogg, Brian D (OLN) bkellogg at dresser-rand.com
Sun May 18 06:36:06 PDT 2014

I've setup a number of Intel feeds on our SecurityOnion server that get distributed to the sensors via the "salt-cp" command.  I use mal-dns2bro to grab them.  Does the "salt-cp" command act as an atomic move of the intel feed files to the sensors or should I first delete the files from the sensors?  Is there a log that shows the updated Intel feed files being read?

Thank you,
Brian Kellogg
Security Analyst; IT Governance, Risk, and Compliance
500 Paul Clark Drive, Olean,  NY 14760
T: (716) 375-3186 | F: (716) 375-3557
www.dresser-rand.com<http://www.dresser-rand.com>     NYSE: DRC

Bringing energy and the environment into harmony(r)

This email may be confidential, may be legally privileged, and is for the intended recipient only. Unauthorized access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140518/661ba4c5/attachment.html 

More information about the Bro mailing list