5. Check Point SandBlast Agent Management Platform. Logs, reports and forensics. Threat Hunting

Welcome to the fifth article in the series on the Check Point SandBlast Agent Management Platform. The previous articles can be found by following the corresponding links: first, second, third, fourth. Today we will look at the monitoring capabilities of the Management Platform, namely working with logs, interactive dashboards (View) and reports. We will also touch on the topic of Threat Hunting, used to identify current threats and anomalous events on user machines.

Logs

The main source of information for monitoring security events is the Logs section, which displays detailed information on each event and lets you use convenient filters to refine your search. For example, right-clicking a parameter (Blade, Action, Severity, etc.) of the log of interest lets you filter on that parameter as Filter: "Parameter" or Filter Out: "Parameter". The IP Tools option can also be selected, which lets you run a ping to a given IP address/name or run an nslookup to resolve an IP address from a name.

For filtering events, the Logs section has a Statistics subsection, which displays statistics on all parameters: a timeline with the number of logs, and percentages for each parameter. From this subsection you can easily filter logs without using the search bar or writing filter expressions; simply select the parameters of interest and the list of matching logs is displayed immediately.

Detailed information on each log is available in the right-hand pane of the Logs section, but it is more convenient to open the log by double-clicking it. Below is an example of a log (the image is clickable) showing detailed information about the Prevent action of the Threat Emulation blade being triggered on an infected ".docx" file. The log has several subsections describing the details of the security event: the triggered policies and protections, forensic details, and information about the client and the traffic. The reports available from the log deserve special attention: the Threat Emulation Report and the Forensics Report. These reports can also be opened from the SandBlast Agent client.

Threat Emulation Report

When the Threat Emulation blade is used, once emulation has completed in the Check Point cloud, a link to a detailed report on the emulation results (the Threat Emulation Report) appears in the corresponding log. The contents of such a report are covered in detail in our article on malware analysis using Check Point SandBlast Network forensics. It is worth noting that this report is interactive and lets you "dive into" the details of each section. You can view a recording of the emulation process in the virtual machine, download the original malicious file or obtain its hash, and also contact the Check Point Incident Response Team.

Forensics Report

For any security event, a Forensics Report is generated containing detailed information about the malicious file: its characteristics, its actions, its entry point into the system, and its impact on the organization's important assets. We discussed the structure of this report in detail in the article on malware analysis using Check Point SandBlast Agent forensics. Such a report is an important source of information when investigating security events, and if necessary the contents of the report can be sent directly to the Check Point Incident Response Team.

SmartView

Check Point SmartView is a convenient tool for creating and viewing dynamic dashboards (View) and reports in PDF format. From SmartView you can also view user logs and audit events for administrators. The figure below shows the most useful reports and dashboards for working with SandBlast Agent.

Reports in SmartView are documents with statistical information about events over a given period of time. Reports can be downloaded in PDF format to the machine on which SmartView is open, and can be sent on a schedule in PDF/Excel format to the administrator's email. In addition, report templates can be imported and exported, you can create your own reports, and user names can be hidden in reports. The figure below shows an example of a generated Threat Prevention report.

Dashboards (View) in SmartView let the administrator jump to the logs for the corresponding event by double-clicking the object of interest, whether it is a chart column or the name of a malicious file. As with reports, you can create your own dashboards and hide user data. Dashboards also support importing/exporting templates, scheduled delivery in PDF/Excel format to the administrator's email, and automatic data refresh for monitoring security events in real time.

Additional monitoring sections

A description of the monitoring tools in the Management Platform would be incomplete without mentioning the Overview, Computer Management, Endpoint Settings and Push Operations sections. These sections were described in detail in the second article, but their capabilities for monitoring tasks are worth considering here. Let's start with Overview, which consists of two subsections, Operational Overview and Security Overview; these are dashboards with information about the state of the protected user machines and about security events. As with any other dashboard, in the Operational Overview and Security Overview subsections double-clicking the parameter of interest takes you to the Computer Management section with the corresponding filter applied (for example, "Desktops" or "Pre-boot Status: Enabled"), or to the Logs section for a specific event. The Security Overview subsection is a "Cyber Attack View - Endpoint" dashboard, which can be customized and configured to display other data.

From the Computer Management section you can monitor the agent status on user machines, the Anti-Malware database update status, the disk encryption stages, and more. All data is refreshed automatically, and for each filter the percentage of matching user machines is displayed. Exporting computer data in CSV format is also supported.

An important aspect of monitoring workstation security is configuring notifications about critical events (Alerts) and exporting logs (Export Events) for storage on the company's log server. Both are configured in the Endpoint Settings section. For Alerts, you can connect a mail server to send event notifications to the administrator and set thresholds for triggering/clearing notifications based on the percentage/number of devices that meet the event criteria. Export Events lets you configure forwarding of logs from the Management Platform to the company's log server for further processing. The SYSLOG, CEF, LEEF and SPLUNK formats, TCP/UDP transport, any SIEM system with a running syslog agent, TLS/SSL encryption and syslog client authentication are supported.

For deeper analysis of events on the agent, or when contacting technical support, you can quickly collect logs from the SandBlast Agent client using a forced operation in the Push Operations section. You can configure the resulting log archive to be uploaded to Check Point servers or to corporate servers; on the user machine the log archive is saved in the C:\Users\username\CPInfo directory. Log collection can be scheduled to start at a specified time, and the user can be allowed to postpone the operation.

Threat Hunting

Threat Hunting is used to proactively search for malicious activity and anomalous behaviour in a system in order to investigate a potential security event further. The Threat Hunting section in the Management Platform lets you search the user machine data for events with specified parameters.

The Threat Hunting tool has several pre-set queries, for example to classify malicious domains or files, or to track rare requests to certain IP addresses (relative to overall statistics). A query consists of three parts: an attribute (network protocol, process information, file type, etc.), an operator ("is", "is not", "contains", "one of", etc.) and the query body. Regular expressions can be used in the query body, and several filters can be combined at once in the search bar.
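To make the attribute/operator/body structure and the "rare destination" style of pre-set query concrete, here is a small evaluator run over constructed endpoint events. It is an added example, not the product's own query language or API; the event field names, the sample events and the `matches` regex operator are assumptions.

```python
import re
from collections import Counter

# Constructed sample of endpoint telemetry events (not real product data).
EVENTS = [
    {"host": "ws-01", "process": "outlook.exe", "protocol": "tcp", "dst_ip": "10.0.0.5", "file_type": "docx"},
    {"host": "ws-01", "process": "winword.exe", "protocol": "tcp", "dst_ip": "10.0.0.5", "file_type": "docx"},
    {"host": "ws-02", "process": "powershell.exe", "protocol": "tcp", "dst_ip": "203.0.113.7", "file_type": "ps1"},
    {"host": "ws-02", "process": "chrome.exe", "protocol": "tcp", "dst_ip": "10.0.0.5", "file_type": "html"},
    {"host": "ws-03", "process": "chrome.exe", "protocol": "udp", "dst_ip": "10.0.0.53", "file_type": "html"},
    {"host": "ws-03", "process": "explorer.exe", "protocol": "tcp", "dst_ip": "10.0.0.5", "file_type": "exe"},
]

# Operators modelled on the ones the article lists; "matches" (assumed name) applies a regex to the value.
OPERATORS = {
    "is": lambda actual, expected: actual == expected,
    "is not": lambda actual, expected: actual != expected,
    "contains": lambda actual, expected: expected in actual,
    "one of": lambda actual, expected: actual in expected,
    "matches": lambda actual, expected: re.search(expected, actual) is not None,
}

def hunt(events, filters):
    """Return events satisfying every (attribute, operator, body) filter; filters are ANDed."""
    def ok(event):
        return all(OPERATORS[op](event.get(attr, ""), body) for attr, op, body in filters)
    return [e for e in events if ok(e)]

def rare_destinations(events, max_hits=1):
    """Pre-set style query: destination IPs seen at most max_hits times across the whole data set."""
    counts = Counter(e["dst_ip"] for e in events)
    return sorted(ip for ip, n in counts.items() if n <= max_hits)

if __name__ == "__main__":
    # Scripted or document-driven processes talking over TCP, narrowed by file type.
    found = hunt(EVENTS, [("protocol", "is", "tcp"),
                          ("process", "matches", r"^(winword|powershell)\.exe$"),
                          ("file_type", "one of", {"docx", "ps1"})])
    for e in found:
        print(e["host"], e["process"], e["dst_ip"])
    print("rare destinations:", rare_destinations(EVENTS))
```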

After selecting a filter and waiting for the query to complete, you get access to all matching events, with the ability to view detailed information about an event, quarantine the object the query found, or generate a detailed Forensics report with a description of the event. At the moment this tool is in beta, and it is planned to expand its capabilities in the future, for example by adding information about the event in the form of a MITRE ATT&CK matrix.

Conclusion

To summarize: in this article we looked at the capabilities for monitoring security events in the SandBlast Agent Management Platform, and studied a new tool for proactively searching for malicious actions and anomalies on user machines, Threat Hunting. The next article will be the last in this series; in it we will look at the most frequently asked questions about the Management Platform solution and discuss the options for testing this product.

A large selection of materials on Check Point from TS Solution. To avoid missing new publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: www.habr.com
