Release of the Arkime 5.0 network traffic analysis system

Arkime 5.0, a system for capturing, storing and indexing network packets, has been released. It provides visual tools for assessing traffic and for searching data related to network activity. The project was originally created by AOL with the goal of building an open replacement for commercial network packet processing platforms, one that supports deployment on an organization's own servers and can scale to process traffic at tens of gigabits per second. The traffic capture component is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported. Ready-made packages are available for Arch Linux, RHEL/CentOS and Ubuntu.

Arkime includes tools for capturing and indexing PCAP traffic and provides tools for quickly retrieving the indexed data. Using the standard PCAP format simplifies integration with traffic analyzers such as Wireshark. The volume of stored data is limited only by the size of the available disk. Session metadata is indexed in a cluster based on the Elasticsearch or OpenSearch engine. The traffic capture component runs in multithreaded mode and handles monitoring, writing PCAP dumps to disk, classifying captured packets and sending metadata about sessions (SPI, Stateful Packet Inspection) and protocols to the Elasticsearch/OpenSearch cluster. PCAP files can be stored in encrypted form.

To analyze the collected data, a web interface is provided that lets you navigate, search and export samples. The web interface offers several viewing modes: from general statistics, connection maps and visual graphs showing changes in network activity, to tools for analyzing individual sessions, analyzing activity in the context of the protocols used and extracting data from PCAP dumps. An API is also provided that lets you send data about captured packets in PCAP format, and the associated sessions in JSON format, to third-party applications.


In the new version:

  • Added the ability to send combined data lookup requests through the Cont3xt service, which gathers information available in various open sources (OSINT) about multiple objects at once.
  • Added support for the JA4 and JA4+ traffic fingerprinting methods for identifying network protocols and applications.
  • The design of the block with session details has been changed: unused space has been reduced and a two-column layout is used on large screens.
  • Drop-down blocks have been added to the Files, History and Stats pages for searching simultaneously across multiple instances of the viewer interface (Viewer).
  • The authorization system has been unified and separated into its own module, which is now used in all Arkime applications. Instead of the previous default authorization mode, the digest method is now used by default. New authorization methods have been added: basic and form.
  • All applications have been moved to a unified framework that supports configuration in different formats (ini, json, yaml) and can load settings from different sources, for example from disk, over the network via HTTPS, or from OpenSearch/Elasticsearch.
  • Added support for importing stored (offline) PCAP dumps by downloading them from a URL over HTTPS or from Amazon S3 storage, without first having to save them on the local system.
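To show what the JA4 fingerprinting mentioned above actually computes, here is an added example of the JA4 algorithm in Python. It is not Arkime's code: it follows the published JA4 rules (GREASE values dropped, sorted cipher and extension lists hashed with SHA-256 and truncated to 12 hex characters) on ClientHello fields that have already been parsed, and it omits the spec's special handling of non-alphanumeric ALPN characters. The `ClientHello` class, the two sample hellos and the "browser-like" label are constructed for the example; the fingerprints they produce are not real-world values.

```python
"""JA4 TLS client fingerprint computed from already-parsed ClientHello fields."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# TLS version code as it appears in the JA4_a section.
TLS_VERSION_CODE = {0x0304: "13", 0x0303: "12", 0x0302: "11", 0x0301: "10", 0x0300: "s3"}


def is_grease(value: int) -> bool:
    """RFC 8701 GREASE values look like 0x0a0a, 0x1a1a, ..., 0xfafa; they carry no signal."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def _hash12(text: str) -> str:
    """First 12 hex characters of SHA-256, or twelve zeros for an empty list (per the spec)."""
    if not text:
        return "0" * 12
    return hashlib.sha256(text.encode()).hexdigest()[:12]


@dataclass
class ClientHello:
    """Hypothetical container for the parsed fields JA4 needs (constructed for this example)."""
    version: int                 # highest offered version, e.g. 0x0304; caller resolves supported_versions
    ciphers: List[int]           # cipher suite ids in wire order
    extensions: List[int]        # extension type ids in wire order
    sni: Optional[str] = None
    alpn: List[str] = field(default_factory=list)
    sigalgs: List[int] = field(default_factory=list)
    transport: str = "t"         # "t" for TCP, "q" for QUIC


def ja4(hello: ClientHello) -> str:
    ciphers = [c for c in hello.ciphers if not is_grease(c)]
    exts = [e for e in hello.extensions if not is_grease(e)]
    # ALPN code: first and last character of the first ALPN value, "00" when absent.
    first_alpn = hello.alpn[0] if hello.alpn else ""
    alpn_code = f"{first_alpn[0]}{first_alpn[-1]}" if first_alpn else "00"
    part_a = (f"{hello.transport}{TLS_VERSION_CODE[hello.version]}"
              f"{'d' if hello.sni else 'i'}"
              f"{min(len(ciphers), 99):02d}{min(len(exts), 99):02d}{alpn_code}")
    # JA4_b: sorted cipher suites, so wire order does not change the fingerprint.
    part_b = _hash12(",".join(f"{c:04x}" for c in sorted(ciphers)))
    # JA4_c: sorted extensions minus SNI (0x0000) and ALPN (0x0010), which are counted in
    # part_a but excluded from the hash, followed by signature algorithms in wire order.
    hashed_exts = sorted(e for e in exts if e not in (0x0000, 0x0010))
    ext_text = ",".join(f"{e:04x}" for e in hashed_exts)
    if hello.sigalgs:
        ext_text += "_" + ",".join(f"{s:04x}" for s in hello.sigalgs)
    part_c = _hash12(ext_text)
    return f"{part_a}_{part_b}_{part_c}"


# Two constructed ClientHellos: one browser-like (TLS 1.3, SNI, ALPN, GREASE present)
# and one minimal scripted client (TLS 1.2, no SNI, no ALPN).
BROWSER_HELLO = ClientHello(
    version=0x0304,
    ciphers=[0x0A0A, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F],
    extensions=[0x1A1A, 0x0000, 0x0017, 0x0010, 0x000D, 0x002B, 0x0033],
    sni="example.com", alpn=["h2", "http/1.1"], sigalgs=[0x0403, 0x0804, 0x0401],
)
SCRIPT_HELLO = ClientHello(
    version=0x0303, ciphers=[0xC02F, 0xC030], extensions=[0x000D, 0x0023], sigalgs=[0x0401],
)

# Constructed label table: in practice this would hold fingerprints of known clients.
KNOWN_FINGERPRINTS = {ja4(BROWSER_HELLO): "browser-like"}


def classify(hello: ClientHello, known=KNOWN_FINGERPRINTS) -> str:
    """Label a ClientHello by its JA4 fingerprint; unknown fingerprints are worth a closer look."""
    return known.get(ja4(hello), "unknown")


if __name__ == "__main__":
    for name, hello in (("browser", BROWSER_HELLO), ("script", SCRIPT_HELLO)):
        print(f"{name}: {ja4(hello)} -> {classify(hello)}")
```

The readable first section (`t13d0506h2` for the browser-like hello) already tells an analyst the transport, TLS version, whether SNI and ALPN were sent and how many ciphers and extensions were offered, before the hashed sections are compared against a list of known clients.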

source: budenet.ru