[Bro] distributing Intel feeds using Salt
Doug Burks
doug.burks at gmail.com
Sun May 18 07:34:03 PDT 2014
Hi Brian,
This question is probably more suited for the Security Onion mailing list
(cc'd). If you're using our OnionSalt scripts, you shouldn't need to use
salt-cp manually. OnionSalt should automatically replicate
/opt/bro/share/bro/policy/ from the server to all sensors.
http://blog.securityonion.net/2014/04/new-securityonion-onionsalt-package.html?m=1
On Sunday, May 18, 2014, Kellogg, Brian D (OLN) <bkellogg at dresser-rand.com>
wrote:
> I've setup a number of Intel feeds on our SecurityOnion server that get
> distributed to the sensors via the "salt-cp" command. I use mal-dns2bro to
> grab them. Does the "salt-cp" command act as an atomic move of the intel
> feed files to the sensors or should I first delete the files from the
> sensors? Is there a log that shows the updated Intel feed files being read?
>
>
>
>
>
> Thank you,
>
> *Brian Kellogg*
>
> Security Analyst; IT Governance, Risk, and Compliance
>
> 500 Paul Clark Drive, Olean, NY 14760
>
> T: (716) 375-3186 | F: (716) 375-3557
>
> www.dresser-rand.com NYSE: DRC
>
>
>
> Bringing energy and the environment into harmony®
>
>
>
> *IMPORTANT NOTICE:*
>
> *This email may be confidential, may be legally privileged, and is for the
> intended recipient only. Unauthorized access, disclosure, copying,
> distribution, or reliance on any of it by anyone else is prohibited and may
> be a criminal offense. Please delete if obtained in error and email
> confirmation to the sender.*
>
--
Doug Burks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140518/cd38149a/attachment.html
More information about the Bro
mailing list