’Yan shekarun da suka gabata, lokacin da muka fara aiwatar da Auditor Change a banki ɗaya, mun lura da ɗimbin rubutun PowerShell waɗanda suka yi aikin tantancewa iri ɗaya, amma ta hanyar fasaha. Yawancin lokaci ya wuce tun lokacin, abokin ciniki har yanzu yana amfani da Change Auditor kuma yana tunawa da goyon bayan duk waɗannan rubutun a matsayin mafarki mai ban tsoro. Wannan mafarkin kuma zai iya zama mafarki mai ban tsoro idan mutumin da ya yi hidimar rubutun a cikin mutum ɗaya zai ɗauka ya bar shi, ya manta da canja wurin ilimin sirri. Daga abokan aiki, mun ji cewa irin wannan lamari ya faru a wasu wurare kuma hakan ya haifar da rudani ga aikin sashen tsaro na bayanai. A cikin wannan labarin, za mu yi magana game da manyan fa'idodin Canji Auditor kuma mu sanar da gidan yanar gizo a ranar 29 ga Yuli akan wannan kayan aikin tantancewa. A karkashin yanke duk cikakkun bayanai.
Hoton da ke sama yana nuna masarrafar gidan yanar gizo ta Tsaro ta IT tare da mashaya mai kama da google, wanda a ciki ya dace don warware abubuwan da suka faru daga Canja Auditor da keɓance ra'ayoyi.
Canja Auditor kayan aiki ne mai ƙarfi don duba canje-canje a cikin kayan aikin Microsoft, tsararrun faifai da VMware. Ana goyan bayan Auditing: AD, Azure AD, SQL Server, Exchange, Exchange Online, Sharepoint, Sharepoint Online, Windows File Server, OneDrive don Kasuwanci, Skype don Kasuwanci, VMware, NetApp, EMC, FluidFS. Akwai rahotannin da aka riga aka shigar don dacewa da GDPR, SOX, PCI, HIPAA, FISMA, GLBA.
Ana tattara ma'auni daga sabar Windows ta hanyar tushen wakili, wanda ke ba ku damar bincika ta amfani da haɗin kai mai zurfi cikin kira a cikin AD kuma, kamar yadda mai siyar da kansa ya rubuta, wannan hanyar tana gano canje-canje har ma a cikin ƙungiyoyi masu zurfi kuma yana gabatar da ƙarancin nauyi fiye da lokacin rubutu, karantawa da fitar da rajistan ayyukan (haka suke aiki ). Kuna iya duba shi a ƙarƙashin babban kaya. Sakamakon wannan ƙananan matakin haɗin gwiwa, a cikin Neman Canjin Auditor, kuna iya yin watsi da wasu canje-canje ga wasu abubuwa, har ma ga masu amfani da matakin Admin Enterprise. Wato don kare kanku daga masu gudanar da ayyukan AD.
A cikin Mai binciken Canji, duk canje-canje an daidaita su zuwa kallon 5W - Wanene, Menene, Ina, Lokacin, Wurin Aiki (Wane, Menene, Ina, Lokacin kuma akan wane wurin aiki). Wannan tsarin yana ba ku damar haɗa abubuwan da aka karɓa daga tushe daban-daban.
A ranar 2 ga Yuni, 2020, an fitar da sabon sigar Canjin Auditor - 7.1. Yana da mahimman abubuwan ingantawa:
- Gano barazanar wucewa-da-tikiti (gano tikitin Kerberos tare da ranar karewa wanda ya wuce manufofin yanki, wanda zai iya nuna yiwuwar harin Tikitin Zinare);
- duban ingantattun NTLM masu nasara da rashin nasara (zaku iya tantance sigar NTLM, kuma ku sanar da aikace-aikacen da ke amfani da v1);
- duba na nasara da rashin nasara ingantattun Kerberos;
- Ana tura wakilai na tantancewa a cikin dajin AD makwabta.
Hoton hoton yana nuna barazanar da aka gano tare da dogon lokacin ingancin Tikitin Kerberos.
Tare da wani samfur daga Quest - A Buƙatar Audit, zaku iya bincika mahallin mahaɗan daga keɓancewar mahalli guda ɗaya da saka idanu tambura a cikin AD, Azure AD, da canje-canje a cikin Office 365.
Wani fa'idar Canjin Auditor shine yuwuwar haɗawa da waje tare da tsarin SIEM kai tsaye ko ta wani samfurin Quest - InTrust. Idan kun saita irin wannan haɗin kai, zaku iya aiwatar da ayyuka na atomatik don murkushe hari ta hanyar InTrust, kuma saita ra'ayoyi a cikin Elastic Stack iri ɗaya kuma ku baiwa abokan aiki damar duba bayanan tarihi.
Don ƙarin koyo game da Canji Auditor, muna gayyatar ku don halartar gidan yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizo, wanda zai gudana a ranar 29 ga Yuli da karfe 11 na safe agogon Moscow. Bayan webinar, zaku iya yin tambayoyinku.
Wasu labarai game da hanyoyin tsaro na Quest:
Kuna iya barin buƙatar shawarwari, kayan rarrabawa ko aikin matukin jirgi ta hanyar a gidan yanar gizon mu. Akwai kuma bayanin hanyoyin da aka tsara.
source: www.habr.com