3. Elastic stack: security log analysis. Dashboards


In the previous articles we got acquainted with the ELK stack and wrote a Logstash configuration file to parse the logs. Now for the part all of this was built for: the charts and tables that are combined into dashboards. Today we look at Kibana's visualization system, see how to create charts and tables, and as a result build a simple dashboard based on the logs from the Check Point firewall.

The first step when working with Kibana is creating an index pattern. Logically it is a set of indices grouped by a given rule; in practice it is only a setting that lets Kibana search across all matching indices at once. It is defined by matching a string such as "Checkpoint-*" against the index name: "Checkpoint-2019.12.05" matches the pattern, while a bare "checkpoint" does not. It is worth noting separately that in Discover you cannot search across several index patterns at the same time; a little later, in the following articles, we will see that API requests are likewise made either by index name or by a single pattern string.

After that, we check in the Discover menu that all logs are indexed and that the fields are parsed and mapped correctly. If any inconsistency is found, for example a field's data type needs to change from string to number, you need to fix the Logstash configuration file; new logs will then be written correctly. Note that the mapping of a field in an already existing index cannot be changed, so the corrected type only takes effect in indices created after the change (the next daily index). For the old logs to take on the desired type, only reindexing helps; this procedure will be covered in detail in the following articles. Let's make sure everything is in order.

The logs are in place, which means we can start building dashboards. By analysing dashboards from security products you can understand the organisation's information security posture, see weaknesses in the current policies and then develop ways to eliminate them. Let's build a small dashboard using several visualization tools. The dashboard will consist of 5 elements:

  1. a table counting the total number of logs per blade
  2. a table of critical IPS signatures
  3. a pie chart of Threat Prevention events
  4. a chart of the most visited sites
  5. a chart of the use of the most dangerous applications

To create visualizations you need to go to the Visualize menu and choose the visualization type we want to build. Let's go through them in order.

Table counting the total number of logs per blade

For this, select the Data Table visualization. We land in the editor: on the left are the visualization settings, on the right is how it looks with the current settings. The original post first shows the finished table and then its detailed settings; let's go through those settings.

First the metric is set: this is the value that will be computed over all the documents in each group. A metric is calculated from values extracted one way or another from the documents. Usually the values are taken from document fields, but they can also be produced by scripts. In this case we set Aggregation: Count (the total number of log entries).

After that we split the table into parts (by field values) for which the metric will be calculated. This is done via the Buckets setting, which in turn has 2 options:

  1. split rows: adds a column and thereby splits the table into rows
  2. split table: splits the result into several tables depending on the value of a specific field.

In Buckets you can add several splits to create several columns or tables; the limits here are common sense. In the aggregation you choose the method used to split into parts: IPv4 Range, Date Range, Terms, and so on. The most interesting choices are Terms and Significant Terms. Both split the data by the values of a specific index field; the difference is in which values come back and how they are displayed: Terms returns the most frequent values, while Significant Terms returns the values that are unusually frequent in the filtered subset compared with the index as a whole, which is what makes it useful for spotting anomalies. Since we want to split the table by blade name, we select the field product.keyword and set the size to 25 returned values.

Instead of a plain string type, Elasticsearch uses 2 data types: text and keyword. If you want full-text search you should use the text type; this is very convenient when writing your own search service, for example searching for a mention of a word inside a specific field's value. If you only want an exact match, use the keyword type. The keyword type must also be used for fields that need sorting or aggregation, which is exactly our case.
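The reason the bucket above is set to product.keyword rather than product, shown as an added example that is not part of the original post. CHECKPOINT_MAPPING is an assumed minimal mapping for the Check Point index (Elasticsearch's dynamic mapping gives every string field this text-plus-keyword shape by default, with ignore_above 256); standard_tokens() is an approximation of the standard analyzer for ASCII values, and the blade names fed to it are constructed sample values.

```python
import re

# Assumed minimal mapping for an index matched by "Checkpoint-*". Elasticsearch's
# dynamic mapping gives every string field this text + keyword shape by default.
CHECKPOINT_MAPPING = {
    "properties": {
        "@timestamp": {"type": "date"},
        "product": {"type": "text", "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
        "action": {"type": "text", "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
        "app_risk": {"type": "integer"},  # parsed as a number by Logstash (see the Discover check above)
        "src": {"type": "ip"},            # the IPv4 Range bucket needs an ip-typed field
        "message": {"type": "text"},      # raw event text: searchable, but not aggregatable
    }
}


def aggregatable_field(mapping, name):
    """Field name a Terms / Significant Terms bucket should use for `name`.

    keyword, numeric, ip and date fields are aggregatable as they are. A text
    field is analysed at index time and has no doc values, so the bucket must use
    its keyword sub-field (product.keyword), which stores the exact string.
    """
    props = mapping["properties"]
    if name not in props:
        raise KeyError(f"{name!r} is not mapped")
    field = props[name]
    if field["type"] != "text":
        return name
    for sub_name, sub in field.get("fields", {}).items():
        if sub["type"] == "keyword":
            return f"{name}.{sub_name}"
    raise ValueError(f"{name!r} is text without a keyword sub-field: not aggregatable")


def standard_tokens(value):
    """Approximation of the standard analyzer for ASCII values: lower-cased words."""
    return [t for t in re.split(r"[^0-9a-z]+", value.lower()) if t]


def keyword_term(value, ignore_above=256):
    """What the keyword sub-field stores: the exact string, or nothing if it exceeds ignore_above."""
    return value if len(value) <= ignore_above else None


def term_buckets(values, field_type, ignore_above=256):
    """Buckets a terms aggregation would return over `values` for a text or keyword field.

    On a text field Elasticsearch refuses the aggregation unless fielddata is
    enabled; if it is enabled, the buckets are the analysed tokens rather than
    the original values, which is the wrong answer for a per-blade table.
    """
    counts = {}
    for value in values:
        if field_type == "text":
            terms = standard_tokens(value)
        else:
            term = keyword_term(value, ignore_above)
            terms = [term] if term is not None else []  # over-long values silently drop out
        for term in terms:
            counts[term] = counts.get(term, 0) + 1
    return counts


if __name__ == "__main__":
    blades = ["New Anti-Virus", "Anti-Bot", "Anti-Bot"]  # constructed sample values
    print(aggregatable_field(CHECKPOINT_MAPPING, "product"))
    print(term_buckets(blades, "text"))
    print(term_buckets(blades, "keyword"))
```

The keyword run gives one bucket per blade, exactly what the table needs; the text run splits "New Anti-Virus" and "Anti-Bot" into word tokens and merges them. The ignore_above caveat matters in practice too: a string longer than 256 characters is simply absent from the keyword sub-field, so it never appears in a terms bucket, without any error.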

As a result, Elasticsearch counts the number of logs over the given period, grouped by the value of the product field. In Custom Label we set the column name to be displayed in the table, set the time range for which we collect the logs, and run the query: Kibana sends a request to Elasticsearch, waits for the response and visualizes the data it receives. The table is ready!

Pie chart of Threat Prevention events

Of particular interest is the share of Detect versus Prevent reactions to information security events under the current security policy. A pie chart suits this case well. Select Pie chart in Visualize. In the metric we again set aggregation by log count. In buckets we set Terms => action.

Everything looks right, but the result shows values for all blades; we need only the blades that work within Threat Prevention. So we set a filter to select data only from the blades responsible for security events: product: ("Anti-Bot" OR "New Anti-Virus" OR "DDoS Protector" OR "SmartDefense" OR "Threat Emulation").

IPS events table

Next, a very important thing from an information security standpoint is to see and review the events on the IPS and Threat Emulation blades that the current policy does not block, so that later we can either switch the signature to prevent or, if the traffic is legitimate, stop inspecting with that signature. We create the table as in the first example, with the only difference that we create several columns: protections.keyword, severity.keyword, product.keyword and the origin (gateway) name field, again its .keyword variant. Be sure to set a filter to select data only from the blades responsible for security events: product: ("SmartDefense" OR "Threat Emulation"). To show only the events that were not blocked, narrow the filter further with the action field (Detect rather than Prevent), as in the pie chart above.

Chart of the most visited sites

For this, create a Vertical Bar visualization. Again we use Count (Y-axis) as the metric, and on the X-axis we use the name of the visited site, appi_name, as the value. There is a small trick here: if you run the settings in their current form, all sites are drawn on the chart in the same colour. To make them multicoloured we use an additional setting, Split series, which splits the prepared chart into further values depending on the chosen field. This split can be used either in stacked mode, as a single bar made of differently coloured segments, or in normal mode to create several bars for each X-axis value. Here we use the same field as on the X-axis; this makes every bar a different colour, and the colours are listed in the legend at the top right. In the filter we set product: "URL Filtering" to see only data on visited sites.

Chart of the use of the most dangerous applications

For this, create a Horizontal Bar visualization. We use Count (Y-axis) as the metric, and on the X-axis the name of the application used, app_name, as the value. The most important part is the filter: product: "Application Control" AND app_risk: (4 OR 5 OR 3) AND action: "accept". We filter the logs down to the Application Control blade, take the applications classified as Critical, High and Medium risk, and only those where access was actually allowed.
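The five panels above as Elasticsearch requests, and an offline check of what their buckets contain. This is an added example, not code from the original post: build_request() produces a body equivalent to what Kibana sends for a Count metric with nested Terms buckets (with Lucene query syntax the filter-bar text becomes a query_string clause; with KQL it compiles to an equivalent bool query), and run_panel() evaluates the same panel over SAMPLE_LOGS, a handful of constructed documents shaped like the Logstash output from the previous part. Field names follow the post (product, action, appi_name, app_name, app_risk, protections, severity); the sample values are invented.

```python
from collections import Counter

# Constructed sample documents, shaped like the Logstash output from part 2.
SAMPLE_LOGS = [
    {"product": "Firewall", "action": "accept"},
    {"product": "Firewall", "action": "drop"},
    {"product": "URL Filtering", "action": "accept", "appi_name": "youtube.com"},
    {"product": "URL Filtering", "action": "accept", "appi_name": "youtube.com"},
    {"product": "URL Filtering", "action": "accept", "appi_name": "github.com"},
    {"product": "Application Control", "action": "accept", "app_name": "TeamViewer", "app_risk": 4},
    {"product": "Application Control", "action": "accept", "app_name": "Dropbox", "app_risk": 3},
    {"product": "Application Control", "action": "drop", "app_name": "BitTorrent", "app_risk": 5},
    {"product": "Application Control", "action": "accept", "app_name": "Skype", "app_risk": 2},
    {"product": "SmartDefense", "action": "detect", "protections": "SQL Injection", "severity": "Critical"},
    {"product": "SmartDefense", "action": "prevent", "protections": "SQL Injection", "severity": "Critical"},
    {"product": "Threat Emulation", "action": "detect", "protections": "Malicious PDF", "severity": "High"},
    {"product": "Anti-Bot", "action": "prevent"},
    {"product": "New Anti-Virus", "action": "prevent"},
]

THREAT_PREVENTION_BLADES = ("Anti-Bot", "New Anti-Virus", "DDoS Protector", "SmartDefense", "Threat Emulation")

# Each panel: the filter-bar text from the post, the bucket fields (one per table
# column / chart axis), and a Python predicate that means the same as the filter.
PANELS = {
    "logs_per_blade": {"filter": "*", "fields": ["product"], "pred": lambda d: True},
    "threat_prevention_actions": {
        "filter": 'product: ("Anti-Bot" OR "New Anti-Virus" OR "DDoS Protector" OR "SmartDefense" OR "Threat Emulation")',
        "fields": ["action"],
        "pred": lambda d: d["product"] in THREAT_PREVENTION_BLADES,
    },
    "ips_events": {
        "filter": 'product: ("SmartDefense" OR "Threat Emulation")',
        "fields": ["protections", "severity", "product"],
        "pred": lambda d: d["product"] in ("SmartDefense", "Threat Emulation"),
    },
    "top_sites": {
        "filter": 'product: "URL Filtering"',
        "fields": ["appi_name"],
        "pred": lambda d: d["product"] == "URL Filtering",
    },
    "risky_apps": {
        "filter": 'product: "Application Control" AND app_risk: (3 OR 4 OR 5) AND action: "accept"',
        "fields": ["app_name"],
        "pred": lambda d: d["product"] == "Application Control"
        and d.get("app_risk") in (3, 4, 5) and d["action"] == "accept",
    },
}


def build_request(filter_text, fields, size=25, time_from="now-24h"):
    """Request body equivalent to a Count metric with nested Terms buckets."""
    aggs = {}
    for field in reversed(fields):
        # Buckets aggregate on the .keyword sub-field; nesting gives the extra table columns.
        aggs = {field: {"terms": {"field": f"{field}.keyword", "size": size},
                        **({"aggs": aggs} if aggs else {})}}
    return {
        "size": 0,  # only the buckets are wanted, not the matching documents
        "query": {"bool": {"filter": [
            {"query_string": {"query": filter_text, "analyze_wildcard": True}},
            {"range": {"@timestamp": {"gte": time_from, "lte": "now"}}},
        ]}},
        "aggs": aggs,
    }


def run_panel(docs, name, size=25):
    """Evaluate a panel offline: documents per combination of the bucket fields.

    Documents missing one of the bucket fields fall out, as they do in a terms
    aggregation; the result is ordered like Kibana's table, largest count first.
    """
    panel = PANELS[name]
    keys = (tuple(doc.get(f) for f in panel["fields"])
            for doc in docs if panel["pred"](doc))
    counts = Counter(k for k in keys if None not in k)
    return counts.most_common(size)


if __name__ == "__main__":
    import json
    for name in PANELS:
        print(name, run_panel(SAMPLE_LOGS, name))
    print(json.dumps(build_request(PANELS["ips_events"]["filter"], PANELS["ips_events"]["fields"]), indent=2))
```

Running it over the sample set gives 3 prevent against 2 detect for the Threat Prevention pie, two critical SQL Injection rows for the IPS table, and only TeamViewer and Dropbox in the risky-applications chart: BitTorrent drops out because it was blocked, Skype because its risk is 2. Reading the generated body for the IPS table is also the quickest way to see that each extra column in Kibana is one more level of nested terms aggregation, which is why adding columns multiplies the number of buckets Elasticsearch has to return.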

Dashboard

Viewing and creating dashboards lives in a separate menu item, Dashboard. Everything is simple here: create a new dashboard, add the visualizations to it, arrange them as you like, and that's it!

We end up with a dashboard from which you can understand the basic information security state of the organisation, of course only at the Check Point level.

Based on these charts, we can see which critical signatures are not being blocked on the firewall, where users are going, and which of the most dangerous applications they use.

Conclusion

We looked at the basic visualization capabilities of Kibana and built a dashboard, but this is only a small part. Later in the course we will look at setting up various maps, working with Elasticsearch itself, getting acquainted with API requests, automation and much more!

So stay tuned (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

source: www.habr.com
