| CPC H04L 67/1095 (2013.01) | 14 Claims |
|
1. At least one security orchestration, automation and response (SOAR) appliance of a highly available (HA) security system on a data communication network, running a plurality of virtual machines within a cluster of nodes on at least one hypervisor, for sharing data and configuration files to synchronize a plurality of virtual machines independent of file sharing technology, the at least one SOAR appliance comprising:
a processor;
a network communication interface, communicatively coupled to the data communication network and to the processor; and
a memory, communicatively coupled to the processor and the network communication interface and storing:
a file sync database to store shared data and configuration files to support security operations on the cluster of nodes;
a file sync controller to receive notification of a file sharing command to share a specific file across at least two of the plurality of virtual machines as indicated in the file sharing command;
a virtual machine source node from the cluster of nodes to, responsive to receiving the file sharing command from an application in a virtual machine in the cluster of nodes, to copy the shared file to a source workspace directory and compress, and then copy the compressed file to the file sync database, wherein the command comprises a configuration template with file retrieval information; and
a virtual machine target node from the cluster of nodes to, listen for commands from other nodes in the cluster of nodes, and responsive to receiving the file sharing command, copy the compressed file to a target workspace directory and decompress, and then copy the shared file to the target VM node, according to the file retrieval information.
|