5. Check Point SandBlast Agent Management Platform. Logs, Reports & Forensics. Threat Hunting

Welcome to the fifth article in the series on the Check Point SandBlast Agent Management Platform solution. The previous articles can be found at the corresponding links: first, second, third, fourth. Today we will look at the monitoring capabilities of the Management Platform, namely working with logs, interactive dashboards (View) and reports. We will also touch on the topic of Threat Hunting for identifying current threats and abnormal events on user machines.

Logs

The main source of information for monitoring security events is the Logs section, which displays detailed information about each event and also offers convenient filters for refining the search criteria. For example, when you right-click a parameter (Blade, Action, Severity, etc.) of the log of interest, that parameter can be applied as Filter: "Parameter" or Filter Out: "Parameter". In addition, for the Source field the IP Tools option is available, from which you can run ping to the IP address/name or run nslookup to resolve the name to an IP address.

The Logs section also has a Statistics subsection for filtering events, which shows statistics for each parameter: a timeline with the number of logs, as well as the percentage share of each parameter value. From this subsection you can filter logs easily without using the search bar and writing filter expressions: just select the value of interest and a new list of logs appears immediately.

Detailed information about each log is available in the right-hand panel of the Logs section, but it is more convenient to open the log by double-clicking to examine the details. Below is an example of a log (the image is clickable) showing the details of a Threat Emulation blade Prevent event on a malicious ".docx" file. The log has several subsections that display the details of the security event: the triggered policies and protections, forensic details, information about the client and the traffic. The reports available from the log deserve special attention: the Threat Emulation Report and the Forensics Report. These reports can also be opened from the SandBlast Agent client.

Threat Emulation Report

When the Threat Emulation blade is used, after emulation has been carried out in the Check Point cloud, a link to a detailed report on the emulation results, the Threat Emulation Report, appears in the corresponding log. The contents of this report are described in detail in our article on malware analysis using Check Point SandBlast Network forensics. It is worth noting that this report is interactive and lets you "jump" into the details of each section. It is also possible to view a recording of the emulation process in the virtual machine, download the malicious file or obtain its hash, and also contact the Check Point Incident Response Team.

Forensics Report

For almost every security event a Forensics Report is generated, which includes detailed information about the malicious file: its characteristics, its actions, how it entered the system and its impact on the company's key assets. We discussed the structure of the report in detail in the article on malware analysis using Check Point SandBlast Agent forensics. This report is an important source of information when investigating security events, and if necessary its contents can be sent immediately to the Check Point Incident Response Team.

SmartView

Check Point SmartView is a convenient tool for creating and viewing dynamic dashboards (View) and reports in PDF format. From SmartView you can also view user logs and the audit events of administrators. The figure below shows the most useful reports and dashboards for working with SandBlast Agent.

Reports in SmartView are documents containing statistical information about events over a certain period of time. Downloading a report in PDF format to the machine where SmartView is open is supported, as is scheduled delivery in PDF/Excel format to the administrator's e-mail. In addition, import/export of report templates, creation of your own reports, and the option to hide user names in reports are supported. The figure below shows an example of a generated Threat Prevention report.

Dashboards (View) in SmartView allow the administrator to go to the logs for the corresponding event: just double-click the object of interest, whether it is a column in a chart or the name of a malicious file. As with reports, you can create your own dashboards and hide user data. Dashboards also support import/export of templates, scheduled delivery in PDF/Excel format to the administrator's e-mail, and automatic data refresh for monitoring security events in real time.

Additional monitoring

A description of the monitoring tools in the Management Platform would be incomplete without mentioning the Overview, Computer Management, Endpoint Settings and Push Operations sections. These sections were described in detail in the second article; nevertheless, it is useful to consider their capabilities for monitoring tasks. Let's start with Overview, which consists of two parts, Operational Overview and Security Overview: dashboards with data on the protection state of user machines and on security events. As with any other dashboard, double-clicking a parameter of interest in the Operational Overview and Security Overview subsections takes you to the Computer Management section with the corresponding filter applied (for example, "Desktops" or "Pre-Boot Status: Enabled"), or to the Logs section for a specific event. The Security Overview subsection is the "Cyber Attack View - Endpoint" dashboard, which can be customized and configured to refresh its data automatically.

From the Computer Management section you can monitor the status of the agent on user machines, the update status of the Anti-Malware database, the stage of disk encryption, and much more. All data is refreshed automatically, and for each filter the percentage of user machines that match it is displayed. Export of computer data in CSV format is also supported.

An important aspect of workstation security monitoring is configuring notifications about critical events (Alerts) and exporting logs (Export Events) for storage on the company's log server. Both are configured in the Endpoint Settings section. For Alerts, you can connect a mail server for sending event notifications to the administrator and set thresholds for triggering/muting notifications depending on the percentage/number of devices that match certain events. Export Events lets you configure the transfer of logs from the Management Platform to the company's log server for further processing. The SYSLOG, CEF, LEEF and SPLUNK output formats, the TCP/UDP protocols, any SIEM system with a running syslog agent, TLS/SSL encryption and syslog client authentication are supported.
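On the receiving side, a SIEM or a small collector has to parse the exported records before they can be filtered and counted the way the Logs section's Filter / Filter Out and Statistics pane do. The following Python script is an added example, not code from the article or from Check Point: it parses CEF lines (one of the export formats listed above), skips malformed records, applies a Filter / Filter Out on a field, and computes per-value counts and percentages like the Statistics pane. The sample lines, field values, severities and extension keys are constructed for this example and are not real SandBlast Agent output.

```python
import re
from collections import Counter

# Constructed sample export lines in CEF format. The vendor/product names mirror
# the page's topic, but the field values, severities and extension keys are
# assumptions for this example, not real SandBlast Agent output. The last line
# is deliberately truncated to show how malformed input is handled.
SAMPLE_CEF = r"""
CEF:0|Check Point|SandBlast Agent|1.0|TE|Threat Emulation|High|act=Prevent suser=alice src=10.0.1.21 fname=invoice.docx
CEF:0|Check Point|SandBlast Agent|1.0|AM|Anti-Malware|Medium|act=Detect suser=bob src=10.0.1.22 fname=setup.exe
CEF:0|Check Point|SandBlast Agent|1.0|TE|Threat Emulation|Low|act=Detect suser=alice src=10.0.1.21 fname=report\=final.pdf
CEF:0|Check Point|SandBlast Agent|1.0|AB|Anti-Bot|High|act=Prevent suser=carol src=10.0.1.23 dst=203.0.113.5
CEF:0|Check Point|SandBlast Agent
""".strip().splitlines()

HEADER_NAMES = ("cef_version", "device_vendor", "device_product",
                "device_version", "signature_id", "name", "severity")
# A '|' that is not preceded by a backslash ends a header field.
HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# An extension key starts at the beginning of the extension or after whitespace.
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")


def _unescape(value, special):
    """Undo CEF escaping of the given special character and of backslashes."""
    return value.replace("\\" + special, special).replace("\\\\", "\\")


def parse_extension(ext):
    """Split the extension part into a dict; values may contain spaces."""
    fields = {}
    keys = list(EXT_KEY.finditer(ext))
    for i, m in enumerate(keys):
        start = m.end()
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[start:end], "=")
    return fields


def parse_cef(line):
    """Parse one CEF line into a flat dict of header and extension fields."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = HEADER_SPLIT.split(line[4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header: expected 7 header fields")
    event = {name: _unescape(part, "|") for name, part in zip(HEADER_NAMES, parts)}
    event.update(parse_extension(parts[7]))
    return event


def load_events(lines):
    """Parse all lines, skipping malformed ones instead of aborting the import."""
    events = []
    for line in lines:
        try:
            events.append(parse_cef(line))
        except ValueError:
            continue  # a production collector would count and alert on these
    return events


def filter_events(events, field, value, exclude=False):
    """Equivalent of the UI's Filter / Filter Out on a single field value."""
    return [e for e in events if (e.get(field) == value) != exclude]


def field_statistics(events, field):
    """Per-value count and percentage for a field, like the Statistics pane."""
    counts = Counter(e[field] for e in events if field in e)
    total = sum(counts.values())
    rows = [(value, n, round(100.0 * n / total, 1)) for value, n in counts.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    evts = load_events(SAMPLE_CEF)
    for row in field_statistics(evts, "name"):
        print("%-20s %d  %5.1f%%" % row)
    print(len(filter_events(evts, "act", "Prevent")), "Prevent events")
```

The header is split on unescaped `|` only, and extension values are read up to the next `key=` token rather than the next space, so file names containing spaces or an escaped `=` survive intact; a truncated record raises `ValueError` and is skipped rather than corrupting the statistics.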

For in-depth analysis of agent events, or when contacting support, you can quickly collect logs from the SandBlast Agent client with a forced operation in the Push Operations section. You can configure the transfer of the generated log archive to Check Point servers or to corporate servers, and the log archive is also saved on the user's machine in the C:\Users\username\CPInfo directory. Starting the log collection at a scheduled time is supported, as is allowing the user to postpone the operation.

Threat Hunting

Threat Hunting is used for proactively searching for malicious activity and abnormal behaviour in a system, for further investigation of a potential security event. The Threat Hunting section in the Management Platform lets you search the user machine data for events with specified parameters.

The Threat Hunting tool has several predefined queries, for example for classifying malicious domains or files, or for tracking rare connections to particular IP addresses (based on overall statistics). A query consists of three parameters: an indicator (network protocol, process identifier, file type, etc.), an operator ("is", "is not", "contains", "one of", etc.) and the query body. Regular expressions can be used in the query body, and several filters can be combined in the search bar at the same time.

After selecting a filter and running the query, you get access to all matching events, with the ability to view the event details, isolate the object of the query, or generate a detailed Forensics Report with a description of the event. At the moment this tool is in beta, and in the future it is planned to expand its capabilities, for example by adding information about the event in the form of the MITRE ATT&CK matrix.
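To make the indicator / operator / body structure of a hunting query concrete, here is a small Python query evaluator written as an added example; it is not code from the article or from the Check Point product. It implements the operators named above ("is", "is not", "contains", "one of") over constructed endpoint records, adds a "regex" operator (the operator name is an assumption; the article only says regular expressions may be used in the body), ANDs several clauses together (an assumption about how combined filters behave), and includes a statistics-style query for rarely contacted destination addresses like the predefined queries described above. All hosts, processes, addresses and domains are made up for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Any

# Constructed endpoint telemetry records (hosts, processes, addresses and
# domains are assumptions made up for this example, not real data).
SAMPLE_EVENTS = [
    {"host": "ws-01", "process": "winword.exe", "protocol": "TCP",
     "file_type": "docx", "dst_ip": "198.51.100.7", "domain": "updates.example.net"},
    {"host": "ws-01", "process": "powershell.exe", "protocol": "TCP",
     "file_type": "ps1", "dst_ip": "203.0.113.9", "domain": "cdn-x7q2.example.org"},
    {"host": "ws-02", "process": "chrome.exe", "protocol": "TCP",
     "file_type": "exe", "dst_ip": "198.51.100.7", "domain": "updates.example.net"},
    {"host": "ws-03", "process": "outlook.exe", "protocol": "UDP",
     "file_type": "pdf", "dst_ip": "198.51.100.7", "domain": "updates.example.net"},
    {"host": "ws-02", "process": "cmd.exe", "protocol": "TCP",
     "file_type": "bat", "dst_ip": "192.0.2.44", "domain": "files.example.com"},
]


@dataclass(frozen=True)
class Filter:
    """One query clause: indicator (field), operator, body (value, set or regex)."""
    indicator: str
    operator: str
    body: Any


def clause_matches(filt, event):
    """Evaluate a single clause. An event lacking the indicator never matches,
    so a hunt cannot silently pull in records that do not carry the field."""
    value = event.get(filt.indicator)
    if value is None:
        return False
    op = filt.operator
    if op == "is":
        return value == filt.body
    if op == "is not":
        return value != filt.body
    if op == "contains":
        return str(filt.body) in str(value)
    if op == "one of":
        return value in filt.body
    if op == "regex":  # assumed operator name for a regular-expression body
        return re.search(filt.body, str(value)) is not None
    raise ValueError("unknown operator: %r" % op)


def hunt(events, filters):
    """Return the events matching every clause (clauses are ANDed, an assumption)."""
    return [e for e in events if all(clause_matches(f, e) for f in filters)]


def rare_destinations(events, max_count=1):
    """Statistics-style predefined query: destination IPs contacted at most
    max_count times across the whole data set, i.e. statistically rare ones."""
    counts = Counter(e["dst_ip"] for e in events if "dst_ip" in e)
    return {ip: n for ip, n in counts.items() if n <= max_count}


if __name__ == "__main__":
    shells_over_tcp = hunt(SAMPLE_EVENTS, [
        Filter("process", "one of", {"powershell.exe", "cmd.exe"}),
        Filter("protocol", "is", "TCP"),
    ])
    print([e["host"] for e in shells_over_tcp])
    print(hunt(SAMPLE_EVENTS, [Filter("domain", "regex", r"^[a-z]+-[a-z0-9]{4}\.")]))
    print(rare_destinations(SAMPLE_EVENTS))
```

An unknown operator raises `ValueError` instead of matching nothing, so a typo in a saved query fails loudly rather than returning an empty (and misleadingly clean) result set.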

Conclusion

To sum up: in this article we looked at the security monitoring capabilities of the SandBlast Agent Management Platform and got to know a new tool for proactively searching for malicious actions and anomalies on user machines, Threat Hunting. The next article will be the last in this series; in it we will look at frequently asked questions about the Management Platform solution and talk about the possibility of testing this product.

A large selection of materials on Check Point from TS Solution. In order not to miss future publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.hab.com