5. Check Point SandBlast Agent Management Platform. Logs, Reports & Forensics. Threat Hunting

Welcome to the fifth article in the series about the Check Point SandBlast Agent Management Platform solution. The previous articles can be found by following the corresponding links: first, second, third, fourth. Today we will look at the monitoring capabilities of the Management Platform, namely working with logs, interactive dashboards (Views) and reports. We will also touch on Threat Hunting for identifying current threats and anomalous events on user machines.

Logs

The main source of information for monitoring security events is the Logs section, which displays detailed information on every incident and lets you apply convenient filters to refine your search criteria. For example, when you right-click a parameter (Blade, Action, Severity, etc.) of the log of interest, that parameter can be filtered as Filter: "Parameter" or Filter: NOT "Parameter". For the Source parameter you can also select the IP Tools option, which lets you run a ping to the given IP address or run nslookup to resolve the source IP address by name.

To filter events, the Logs section has a Statistics panel that shows statistics for all parameters: a timeline with the number of logs, and the percentage share of each parameter value. From this panel you can easily filter logs without using the search bar and writing filter expressions: just select the parameters of interest and the new list of logs is displayed immediately.

Detailed information on each log is available in the right pane of the Logs section, but it is more convenient to open the log by double-clicking it to examine its contents. Below is an example log (the image is clickable) showing detailed information about the Threat Emulation action triggered on an infected ".docx" file. The log has several sections that display the details of the security event: the triggered policy and protection, forensic details, and information about the client and the traffic. The reports available from the log deserve special attention: the Threat Emulation Report and the Forensics Report. These reports can also be opened from the SandBlast Agent client.

Threat Emulation Report

When the Threat Emulation blade is used, after emulation has been performed in the Check Point cloud, a link to a detailed report on the emulation results, the Threat Emulation Report, appears in the corresponding log. The contents of such a report are described in detail in our article on malware analysis using Check Point SandBlast Network forensics. Note that this report is interactive and lets you "drill down" into the details of each section. It is also possible to view a recording of the emulation process in the virtual machine, download the original malicious file or obtain its hash, and contact the Check Point Incident Response Team.

Forensics Report

For almost every security event a Forensics Report is generated, which includes detailed information about the malicious file: its characteristics, its actions, its entry point into the system and its impact on important company assets. We discussed the structure of this report in detail in the article on malware analysis using Check Point SandBlast Agent forensics. Such a report is an important source of information when investigating security events, and if necessary its contents can be sent immediately to the Check Point Incident Response Team.

SmartView

Check Point SmartView is a convenient tool for creating and viewing dynamic dashboards (Views) and reports in PDF format. From SmartView you can also view user logs and administrator audit events. The image below shows the most useful reports and dashboards for working with SandBlast Agent.

Reports in SmartView are documents with statistical information about events over a given period of time. Reports can be exported in PDF format to the machine on which SmartView is open, and scheduled export to PDF/Excel to the administrator's e-mail is also supported. In addition, import/export of report templates, creation of your own reports, and the ability to hide user names in reports are supported. The image below shows an example of the built-in Threat Prevention report.

Dashboards (Views) in SmartView let the administrator reach the logs for a specific event: just double-click the object of interest, whether it is a chart column or the name of a malicious file. As with reports, you can create your own dashboards and hide user data. Dashboards also support import/export of templates, scheduled export to PDF/Excel to the administrator's e-mail, and automatic data refresh for monitoring security events in real time.

Additional monitoring sections

A description of the monitoring tools in the Management Platform would be incomplete without mentioning the Overview, Computer Management, Endpoint Settings and Push Operations sections. These sections were described in detail in the second article; however, it is worth considering their capabilities for monitoring tasks. Let us start with Overview, which consists of two parts, Operational Overview and Security Overview, which are dashboards with data on the state of protected user machines and on security events. As with any dashboard, double-clicking a parameter of interest in Operational Overview or Security Overview takes you to the Computer Management section with the selected filter (for example, "Desktops" or "Pre-Boot Status: Enabled"), or to the Logs section for a specific event. The Security Overview section is the "Cyber Attack View - Endpoint" dashboard, which can be customized and configured to refresh its data automatically.

From the Computer Management section you can monitor the agent status on user machines, the update status of the Anti-Malware database, disk encryption stages, and much more. All data is refreshed automatically, and for each filter the number of matching user machines is displayed. Export of computer data in CSV format is also supported.

Another important aspect of monitoring workstation security is configuring notifications about critical events (Alerts) and exporting logs (Export Events) for storage on the corporate log server. All of this is configured in the Endpoint Settings section. For Alerts it is possible to connect a mail server for sending event notifications to the administrator and to set thresholds for triggering/clearing a notification depending on the percentage or number of devices that meet the event criteria. Export Events lets you configure the transfer of logs from the Management Platform to the corporate log server for further processing. The SYSLOG, CEF, LEEF and SPLUNK formats, the TCP/UDP protocols, any SIEM system with a running syslog agent, TLS/SSL encryption and syslog client authentication are supported.
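
The trigger/clear thresholds mentioned above exist to avoid alert flapping. As an added example (not part of the original article and not Check Point's code), the Python below models an alert rule with a separate trigger share and clear share and runs it over a constructed series of device counts, comparing it with a rule whose clear threshold equals its trigger threshold. The rule names, threshold values and sample counts are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AlertRule:
    """Alert that fires when the share of matching devices reaches trigger_share
    and clears only when it drops to clear_share (hysteresis)."""
    name: str
    trigger_share: float          # e.g. 0.10 -> fire at >= 10% of devices
    clear_share: float            # e.g. 0.05 -> clear at <= 5% of devices
    active: bool = False
    history: List[str] = field(default_factory=list)

    def observe(self, matching: int, total: int) -> Optional[str]:
        """Feed one poll (matching devices, total devices); return the notification sent, if any."""
        share = matching / total if total else 0.0
        if not self.active and share >= self.trigger_share:
            self.active = True
            self.history.append("TRIGGER")
            return "TRIGGER"
        if self.active and share <= self.clear_share:
            self.active = False
            self.history.append("CLEAR")
            return "CLEAR"
        return None


def run_samples(rule: AlertRule, samples: List[Tuple[int, int]]) -> List[Optional[str]]:
    """Replay a sequence of (matching, total) polls through the rule."""
    return [rule.observe(matching, total) for matching, total in samples]


# Constructed polling data: out of 100 devices, how many currently match the
# event criteria (for example, "Anti-Malware database outdated").
SAMPLES = [(3, 100), (12, 100), (9, 100), (11, 100), (4, 100), (2, 100)]


def with_hysteresis() -> List[Optional[str]]:
    # Trigger at 10%, clear at 5%: one TRIGGER, one CLEAR for the whole series.
    return run_samples(AlertRule("db-outdated", trigger_share=0.10, clear_share=0.05), SAMPLES)


def without_hysteresis() -> List[Optional[str]]:
    # Same threshold for trigger and clear: the 9% and 11% polls cause flapping.
    return run_samples(AlertRule("db-outdated", trigger_share=0.10, clear_share=0.10), SAMPLES)


if __name__ == "__main__":
    print("hysteresis   :", with_hysteresis())
    print("single thresh:", without_hysteresis())
```

The series oscillates around the 10% mark; with the clear threshold below the trigger threshold the administrator receives one notification pair instead of four.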
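
The CEF format listed for Export Events has escaping rules that commonly break SIEM parsing: '|' and '\' must be escaped in the header fields, and '=' and line breaks in the extension values. As an added example (not part of the original article and not Check Point's code), the Python below builds a CEF line from a constructed Threat Emulation event and parses it back. The vendor/product strings, the placeholder device version and signature ID, the extension keys and the sample values are assumptions made for the example; the product's actual field mapping is not described on the page.

```python
import re

# --- building ---------------------------------------------------------------

def _escape_header(value: str) -> str:
    # CEF header fields (vendor, product, ..., severity) escape only '\' and '|'.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value: str) -> str:
    # Extension values escape '\', '=' and line breaks.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(vendor, product, version, signature_id, name, severity, extension: dict) -> str:
    """Render CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    header = "|".join(_escape_header(str(v)) for v in
                      (vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(str(v))}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


# --- parsing ----------------------------------------------------------------

def _find_unescaped(text: str, sep: str, start: int) -> int:
    """Index of the next separator that is not preceded by a backslash, or -1."""
    i = start
    while i < len(text):
        if text[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if text[i] == sep:
            return i
        i += 1
    return -1


_UNESCAPE = {"\\": "\\", "|": "|", "=": "=", "n": "\n", "r": "\r"}


def _unescape(text: str) -> str:
    return re.sub(r"\\(.)", lambda m: _UNESCAPE.get(m.group(1), m.group(0)), text)


# A key starts the string or follows whitespace; an escaped '\=' never matches.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def parse_cef(line: str) -> dict:
    """Parse a CEF line into header fields plus an 'extension' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    names = ["version", "vendor", "product", "device_version",
             "signature_id", "name", "severity"]
    parsed, pos = {}, len("CEF:")
    for name in names:
        end = _find_unescaped(line, "|", pos)
        if end < 0:
            raise ValueError("truncated CEF header")
        parsed[name] = _unescape(line[pos:end])
        pos = end + 1
    raw_ext = line[pos:]
    keys = list(_KEY_RE.finditer(raw_ext))
    ext = {}
    for i, m in enumerate(keys):
        value_end = keys[i + 1].start() if i + 1 < len(keys) else len(raw_ext)
        ext[m.group(1)] = _unescape(raw_ext[m.end():value_end].rstrip())
    parsed["extension"] = ext
    return parsed


# --- constructed sample (not a real log line) --------------------------------

SAMPLE_EXTENSION = {
    "src": "10.0.0.5",
    "suser": "jdoe",
    "fname": "invoice.docx",
    "act": "Prevent",
    "msg": "Threat Emulation verdict=malicious",   # '=' must survive the round trip
}


def build_sample_line() -> str:
    return to_cef("Check Point", "SandBlast Agent",
                  "unknown",                        # placeholder device version
                  "TE-0001",                        # placeholder signature id
                  "Threat Emulation | malicious file",   # '|' in a header field
                  "8", SAMPLE_EXTENSION)


def roundtrip_sample() -> dict:
    return parse_cef(build_sample_line())


if __name__ == "__main__":
    print(build_sample_line())
    print(roundtrip_sample())
```

If a collector splits the header on every '|' or the extension on every '=', the pipe in the event name and the equals sign in `msg` corrupt the fields; the parser above walks the escapes instead.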

For a deeper analysis of events on the agent, or when contacting technical support, you can quickly collect logs from the SandBlast Agent client using the forced operation in the Push Operations section. You can configure the transfer of the log archive to the Check Point server or to a corporate server, and the log archive is also stored on the user's machine in the C:\Users\username\CPInfo directory. Starting the log collection at a specified time and letting the user postpone the operation are supported.

Threat Hunting

Threat Hunting is the proactive search for malicious activity and anomalous behavior in a system in order to investigate a potential security incident further. The Threat Hunting section in the Management Platform lets you search the data collected from user machines for events with specified parameters.

The Threat Hunting tool has several predefined queries, for example to classify malicious domains or files, or to track rare requests to particular IP addresses (relative to the overall statistics). A query consists of three parts: the indicator (network protocol, process identifier, file type, etc.), the operator ("is", "is not", "includes", "one of", etc.) and the query body. Regular expressions can be used in the query body, and several filters can be applied simultaneously in the search bar.

After selecting a filter and waiting for the query to complete, you get access to all matching events, with the ability to view detailed information about an event, quarantine the object of interest, or generate a detailed Forensics Report describing the event. At the moment the tool is in beta, and its functionality is planned to be expanded in the future, for example by presenting event information in the form of a MITRE ATT&CK matrix.
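
To make the indicator/operator/body query model and the "rare requests" predefined query concrete, here is an added example in Python (not part of the original article and not Check Point's code). It evaluates a list of (indicator, operator, body) filters, AND-ed together, over a constructed set of endpoint telemetry records, and ranks destination IPs by how rarely they appear. The field names of the records, the "matches" regex operator, the rarity threshold and the sample events are assumptions made for the example; the product's query syntax is not shown on the page.

```python
import re
from collections import Counter
from typing import Callable, Dict, List, Tuple

# Constructed endpoint telemetry (not real SandBlast Agent data).
EVENTS: List[Dict[str, object]] = [
    {"host": "ws-01", "process": "outlook.exe",    "pid": 412,  "protocol": "https", "dst_ip": "203.0.113.10", "file_type": "docx"},
    {"host": "ws-01", "process": "winword.exe",    "pid": 980,  "protocol": "https", "dst_ip": "203.0.113.10", "file_type": "docx"},
    {"host": "ws-02", "process": "chrome.exe",     "pid": 1300, "protocol": "https", "dst_ip": "203.0.113.10", "file_type": ""},
    {"host": "ws-02", "process": "powershell.exe", "pid": 2210, "protocol": "http",  "dst_ip": "198.51.100.7", "file_type": "ps1"},
    {"host": "ws-03", "process": "chrome.exe",     "pid": 777,  "protocol": "https", "dst_ip": "203.0.113.10", "file_type": ""},
    {"host": "ws-03", "process": "svchost.exe",    "pid": 900,  "protocol": "dns",   "dst_ip": "203.0.113.53", "file_type": ""},
]

# Operators named on the page ("is", "is not", "includes", "one of") plus an
# assumed "matches" operator that applies a regular expression to the value.
OPERATORS: Dict[str, Callable[[object, str], bool]] = {
    "is":       lambda v, body: str(v) == body,
    "is not":   lambda v, body: str(v) != body,
    "includes": lambda v, body: body in str(v),
    "one of":   lambda v, body: str(v) in [x.strip() for x in body.split(",")],
    "matches":  lambda v, body: re.search(body, str(v)) is not None,
}

Filter = Tuple[str, str, str]   # (indicator, operator, body)


def match(event: Dict[str, object], indicator: str, operator: str, body: str) -> bool:
    """Apply one filter to one event; a missing indicator is treated as an empty value."""
    if operator not in OPERATORS:
        raise ValueError(f"unknown operator: {operator!r}")
    return OPERATORS[operator](event.get(indicator, ""), body)


def hunt(events: List[Dict[str, object]], filters: List[Filter]) -> List[Dict[str, object]]:
    """Return the events that satisfy every filter (filters are AND-ed, as in a search bar)."""
    return [e for e in events if all(match(e, *f) for f in filters)]


def rare_destinations(events: List[Dict[str, object]], max_share: float = 0.2) -> List[str]:
    """Predefined-style query: destination IPs contacted in at most max_share of all events."""
    counts = Counter(str(e["dst_ip"]) for e in events)
    total = len(events)
    return sorted(ip for ip, n in counts.items() if n / total <= max_share)


def hunt_pids(filters: List[Filter]) -> List[int]:
    """Convenience wrapper returning only the matching process identifiers."""
    return [int(e["pid"]) for e in hunt(EVENTS, filters)]


if __name__ == "__main__":
    # Plain-HTTP traffic from a PowerShell process, using a regex in the body.
    print(hunt_pids([("protocol", "is", "http"), ("process", "matches", r"(?i)powershell")]))
    # Office processes, using the "one of" operator.
    print(hunt_pids([("process", "one of", "outlook.exe, winword.exe")]))
    # Destinations seen in at most 20% of events (rare relative to overall statistics).
    print(rare_destinations(EVENTS))
```

The rarity query deliberately compares each destination with the overall distribution rather than with a fixed list, which is what makes a single beaconing host stand out against the bulk of traffic to a common address.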

Conclusion

To sum up: in this article we looked at the capabilities for monitoring security events in the SandBlast Agent Management Platform and examined a new tool for finding malicious activity and anomalous events on user machines, Threat Hunting. The next article will be the last in this series; in it we will go through frequently asked questions about the Management Platform solution and talk about how to test this product.

A large collection of materials on Check Point from TS Solution. To not miss the next publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

source: www.habr.com