5 open-source security event management systems

How does a good IT security manager differ from an ordinary one? No, not by being able to recall from memory, at any moment, how many emails manager Igor sent to his colleague Maria yesterday. A good security manager tries to detect possible breaches in real time and takes every measure to stop the incident from developing further. Security event management systems (SIEM, from security information and event management) simplify the task of quickly detecting and blocking attack attempts.

Typically, a SIEM combines a security information management system with a security event management system. A key feature of these systems is real-time monitoring of security events, which lets you respond to them before real damage begins.

Main functions of SIEM systems:

  • Data collection and normalization
  • Data correlation
  • Alerting
  • Dashboards
  • Organization of data storage
  • Data search and analysis
  • Reporting

Reasons for the high demand for SIEM systems

Today, the complexity and coordination of attacks on information systems have grown significantly. At the same time, the security tools in use have also become more complex: network and host intrusion detection systems, DLP systems, antivirus and firewalls, vulnerability scanners, and so on. Each protection tool generates a stream of events with varying levels of detail, and often an attack can only be detected by overlaying events from different systems.
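The pipeline described above (collection, normalization into a common schema, correlation of events from different tools, alerting), as an added example that is not part of the article and not code from any of the SIEMs it reviews. The syslog and JSON line formats, field names and IP addresses are constructed sample data.

```python
"""Added example (not from the article): normalize events from two different
security tools into one schema and correlate them in a time window, the basic
SIEM pipeline of collection -> normalization -> correlation -> alert.
All inputs are constructed sample lines, not real logs."""
import json
import re
from datetime import datetime, timedelta

# Constructed samples: a firewall syslog line and a host IDS JSON event (assumed formats)
FIREWALL_SYSLOG = '2024-03-01T10:00:05Z fw01 kernel: DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22'
HIDS_JSON = '{"ts": "2024-03-01T10:00:40Z", "host": "10.0.0.5", "rule": "ssh_brute_force", "src": "203.0.113.7"}'

SYSLOG_RE = re.compile(r'^(?P<ts>\S+) (?P<sensor>\S+) \S+ (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+)')

def _parse_ts(value):
    # ISO 8601 with a trailing Z; fromisoformat needs an explicit offset before 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def normalize_syslog(line):
    """Map a firewall syslog line to the common schema; None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"ts": _parse_ts(m["ts"]), "source": "firewall",
            "src": m["src"], "dst": m["dst"], "signal": m["action"]}

def normalize_hids(line):
    """Map a host IDS JSON event to the same common schema."""
    d = json.loads(line)
    return {"ts": _parse_ts(d["ts"]), "source": "hids",
            "src": d["src"], "dst": d["host"], "signal": d["rule"]}

def correlate(events, window=timedelta(minutes=5)):
    """Alert when two different tools report the same src->dst pair within the window."""
    alerts = []
    events = sorted(events, key=lambda e: e["ts"])
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if b["ts"] - a["ts"] > window:
                break  # events are sorted, so nothing later can be in the window
            if a["source"] != b["source"] and (a["src"], a["dst"]) == (b["src"], b["dst"]):
                alerts.append({"src": a["src"], "dst": a["dst"],
                               "sources": sorted([a["source"], b["source"]]),
                               "signals": [a["signal"], b["signal"]]})
    return alerts

def run_pipeline(syslog_lines, hids_lines):
    """Collect, normalize and correlate; returns the list of alerts."""
    events = [e for e in map(normalize_syslog, syslog_lines) if e]
    events += [normalize_hids(line) for line in hids_lines]
    return correlate(events)
```

Neither source alone raises an alert: a single firewall DROP or a single IDS rule hit is noise, but the same pair seen by both within five minutes is the overlay the text refers to.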

A lot has been written about the various types of commercial SIEM systems, but we offer a brief overview of free open-source SIEM systems that have no artificial limits on the number of users or the amount of stored data, and that are easy to scale and well supported. We hope this helps in assessing the capabilities of such systems and deciding whether to integrate such solutions into corporate processes.

AlienVault OSSIM


AlienVault OSSIM is the open-source version of AlienVault USM, one of the leading commercial SIEM systems. OSSIM is a platform that includes several open-source projects, among them the Snort network intrusion detection system, the Nagios network and host monitoring system, the OSSEC host intrusion detection system, and the OpenVAS vulnerability scanner.

Device monitoring uses the AlienVault Agent, which sends logs from the host in syslog format to the GELF platform; alternatively, a plug-in can be used to integrate with third-party services such as Cloudflare's website reverse proxy service or Okta's multi-factor authentication system.

The USM version differs from OSSIM in its extended log management, cloud monitoring, automation, and updated threat intelligence and visualization.

Pros

  • Built on proven open-source projects;
  • Large community of users and developers.

Cons

  • Does not support monitoring of cloud platforms (such as AWS or Azure);
  • No log management, visualization, automation, or integration with third-party services.


MozDef (Mozilla Defense Platform)


Mozilla's MozDef SIEM is used to automate security incident handling processes. The system is designed from the ground up for high performance, scalability and fault tolerance, with a microservice architecture: each service runs in its own Docker container.

Like OSSIM, MozDef is built on proven open-source projects, including the Elasticsearch log indexing and search module, the Meteor framework for building a flexible web interface, and the Kibana plugin for visualization and charting.

Correlation and alerting are done with Elasticsearch queries, and you can write your own event handling and alerting rules in Python. According to Mozilla, MozDef can process over 300 million events per day. MozDef accepts events only in JSON format, but integration with third-party services is available.

Pros

  • Does not use agents: works with ordinary JSON logs;
  • Easy to scale thanks to the microservice architecture;
  • Supports cloud service data sources, including AWS CloudTrail and GuardDuty.

Cons

  • A new and still immature system.


Wazuh


Wazuh started as a fork of OSSEC, one of the most popular open-source SIEMs. It is now an independent solution with new features, bug fixes and an optimized architecture.

The system is built on the Elastic Stack (Elasticsearch, Logstash, Kibana) and supports both agent-based data collection and a log ingestion system. This makes it effective for monitoring devices that generate logs but do not support installing agents: network devices, printers and peripherals.

Wazuh supports existing OSSEC agents and provides a guide for migrating from OSSEC to Wazuh. Although OSSEC is still actively maintained, Wazuh is seen as the continuation of OSSEC because it adds a new web interface, a REST API, a more complete set of rules, and many other improvements.

Pros

  • Based on, and compatible with, the popular OSSEC SIEM;
  • Supports various deployment options: Docker, Puppet, Chef, Ansible;
  • Supports monitoring of cloud services, including AWS and Azure;
  • Includes a set of rules that detect many types of attacks and map them to compliance standards such as PCI DSS v3.1 and CIS;
  • Integrates with the Splunk storage and analysis system, with event visualization and API support.

Cons

  • Complex architecture: requires a full Elastic Stack deployment in addition to the Wazuh server components.


Prelude OSS


Prelude OSS is the open-source version of the commercial Prelude SIEM developed by the French company CS. The solution is a flexible modular SIEM that supports many log formats and integrates with third-party tools such as OSSEC, Snort, and the Suricata network detection system.

Each event is normalized into an IDMEF message, which simplifies data exchange with other systems. But there is a fly in the ointment: Prelude OSS is very limited in performance and functionality compared to the commercial version of Prelude SIEM, and is intended for small projects or for learning about SIEM solutions and evaluating Prelude SIEM.

Pros

  • A time-tested system, developed since 1998;
  • Supports various log formats;
  • Normalizes data to IDMEF, which makes it easy to pass data on to other security systems.

Cons

  • Significantly limited in performance and functionality compared to other open-source SIEM systems.


Sagan


Sagan is a high-performance SIEM that emphasizes compatibility with Snort. In addition to supporting rules written for Snort, Sagan can write to the Snort database and can be used with the Sguil interface. Essentially, it is a lightweight, multi-threaded solution that offers new features while remaining friendly to Snort users.

Pros

  • Fully compatible with the Snort database, rules, and user interface;
  • Multi-threaded architecture delivers high performance.

Cons

  • A young project with a small community;
  • A complex deployment process, involving building the entire SIEM from source.


Conclusion

Each of the SIEM systems described has its own features and limitations, so none of them can be called a universal solution for every organization. However, these solutions are open source, which allows them to be deployed, tested and evaluated without significant cost.


Source: www.habr.com