5 open-source security event management systems

How does a good IT security specialist differ from an ordinary one? No, not by being able to recite from memory, at any moment, the messages that manager Igor sent to his colleague Maria yesterday. A good security specialist tries to identify possible violations in advance and to catch them in real time, doing everything possible to make sure an incident goes no further. Security information and event management systems (SIEM, from Security Information and Event Management) make it easier to record and block any attempted violation quickly.

Traditionally, SIEM systems combine security information management (SIM) and security event management (SEM). A key feature of these systems is the analysis of security events in real time, which lets you respond to them before damage is done.

The main functions of SIEM systems:

  • Data collection and normalization
  • Data correlation
  • Alerting
  • Visualization dashboards
  • Organization of data storage
  • Search and analysis
  • Reporting

Why SIEM systems are in such demand

In recent years the complexity and coordination of attacks on information systems have grown sharply. At the same time the set of security tools in use has also become more complex: network and host-based intrusion detection systems, DLP systems, antivirus and firewalls, vulnerability scanners and so on. Each security tool produces its own stream of events at its own level of detail, and often an attack is visible only when events from different systems are overlaid on one another.
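The script below is an added example (not code from any SIEM described in this article) that runs the first three functions from the list above over two constructed sources: an sshd log and a firewall log in an invented format. The hosts, addresses and log lines are constructed. The second correlation rule exists only to show the point just made: a password-guessing run followed by a successful login is visible in the sshd log alone, but the victim host then calling back to the attacker is only visible once the firewall's events are overlaid on it.

```python
"""Toy SIEM pipeline: collect two unrelated log sources, normalize them into one
event schema, correlate across them and raise an alert.

Added example for this article; it is not code from any of the SIEMs described.
The log lines, hosts and addresses below are constructed, not captured."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log: a short password-guessing run that ends in a success.
AUTH_LOG = """\
2024-05-01T10:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
2024-05-01T10:00:04Z host1 sshd[1201]: Failed password for root from 203.0.113.9 port 50123 ssh2
2024-05-01T10:00:07Z host1 sshd[1201]: Failed password for root from 203.0.113.9 port 50124 ssh2
2024-05-01T10:00:09Z host1 sshd[1201]: Failed password for root from 203.0.113.9 port 50125 ssh2
2024-05-01T10:00:12Z host1 sshd[1202]: Accepted password for root from 203.0.113.9 port 50126 ssh2
2024-05-01T10:00:15Z host1 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""
# Constructed firewall log (invented format): the attacker's inbound SSH, then an
# outbound connection from the victim (192.0.2.10) back to the attacker.
FW_LOG = """\
2024-05-01T10:00:00Z fw1 ALLOW TCP 203.0.113.9:50122 -> 192.0.2.10:22
2024-05-01T10:00:20Z fw1 ALLOW TCP 192.0.2.10:49000 -> 203.0.113.9:4444
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(auth_text, fw_text):
    """Collection + normalization: map both sources onto one schema so a single
    correlation rule can reason over them.  Unparsed lines are skipped here; a
    real collector would count them, because silent drops hide detection gaps."""
    events = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({
                "ts": parse_ts(m["ts"]), "source": "sshd", "host": m["host"],
                "event": "login_success" if m["result"] == "Accepted" else "login_failure",
                "user": m["user"], "src_ip": m["ip"],
            })
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({
                "ts": parse_ts(m["ts"]), "source": "firewall", "host": m["host"],
                "event": "flow_allowed" if m["action"] == "ALLOW" else "flow_denied",
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
            })
    events.sort(key=lambda e: e["ts"])  # one timeline across sources
    return events


def correlate(events, fail_threshold=3, window=timedelta(seconds=60)):
    """Correlation + alerting.  Rule 1 (single source): at least `fail_threshold`
    failed logins from one IP inside `window`, followed by a success from that IP.
    Rule 2 (cross-source): if the firewall then allows an outbound flow to that
    same IP, escalate.  Rule 2 is the kind of finding no single tool can make."""
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins
    alerts = []
    for e in events:
        if e["event"] == "login_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["event"] == "login_success":
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "bruteforce_then_success", "severity": "high",
                               "src_ip": e["src_ip"], "user": e["user"],
                               "host": e["host"], "ts": e["ts"]})
        elif e["event"] == "flow_allowed":
            # Tying "host1" in the sshd log to 192.0.2.10 in the firewall log is
            # asset-inventory work a real SIEM does; here we key only on the
            # attacker address, which both sources already share.
            for a in alerts:
                if a["src_ip"] == e["dst_ip"] and e["ts"] >= a["ts"]:
                    a["rule"] = "bruteforce_then_success_then_callback"
                    a["severity"] = "critical"
                    a["callback_port"] = e["dst_port"]
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalize(AUTH_LOG, FW_LOG)):
        print(alert)
```

The deploy user's key-based login from 198.51.100.7 produces no alert because no failures precede it; the root login from 203.0.113.9 does, and the later outbound flow to that address on port 4444 upgrades it from high to critical.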

A great deal has been written about the many commercial SIEM systems; here we give a brief description of free, fully open-source SIEMs that have no artificial limits on the number of users or the volume of stored data, and that are easy to scale and maintain. We hope this helps you assess what such systems can do and decide whether it makes sense to integrate one of them into your company's processes.

AlienVault OSSIM

AlienVault OSSIM is the open-source version of AlienVault USM, one of the leading commercial SIEM systems. OSSIM is a framework made up of several open-source projects, including the Snort network intrusion detection system, the Nagios network and host monitoring system, the OSSEC host-based intrusion detection system and the OpenVAS vulnerability scanner.

Devices are monitored with the AlienVault Agent, which forwards host logs in syslog format to the GELF platform; alternatively, plugins can be used to integrate third-party services such as the Cloudflare reverse-proxy service or the Okta multi-factor authentication system.

The USM version differs from OSSIM in its extended functionality for log management, cloud infrastructure monitoring and automation, and in its up-to-date threat intelligence and visualization.

Advantages

  • Built on proven open-source projects;
  • Large community of users and developers.

Disadvantages

  • No support for monitoring cloud platforms (e.g. AWS or Azure);
  • No log management, visualization, automation or integration with third-party services.

MozDef (Mozilla Defense Platform)

MozDef, a SIEM system developed by Mozilla, is used to automate security incident handling. The system was designed from the ground up for maximum performance, scalability and fault tolerance, with a microservice architecture: each service runs in its own Docker container.

Like OSSIM, MozDef is assembled from time-tested open-source projects, including the Elasticsearch log indexing and search engine, the Meteor platform for building a flexible web interface, and the Kibana plugin for visualization and graphs.

Correlation and alerting are implemented with Elasticsearch queries, and you can write your own event-processing and alerting rules in Python. According to Mozilla, MozDef can process more than 300 million events a day. MozDef accepts events only in JSON format, but integrations with third-party services are available.

Advantages

  • No agents: works with standard JSON logs;
  • Easy to scale thanks to the microservice architecture;
  • Supports cloud data sources, including AWS CloudTrail and GuardDuty.

Disadvantages

  • A new and relatively immature system.

Wazuh

Wazuh began as a fork of OSSEC, one of the most popular open-source SIEMs, and has since become a distinct solution of its own, with new functionality, bug fixes and an improved architecture.

The system is built on the Elastic Stack (Elasticsearch, Logstash, Kibana) and supports both agent-based data collection and agentless collection (for example over syslog). This makes it useful for monitoring devices that generate logs but cannot run an agent: network equipment, printers and other peripherals.

Wazuh supports existing OSSEC agents and even provides a guide for migrating from OSSEC to Wazuh. Although OSSEC is still actively maintained, Wazuh is seen as the continuation of OSSEC thanks to its new web interface, REST API, more complete rule set and many other improvements.

Advantages

  • Based on, and compatible with, the popular OSSEC SIEM;
  • Supports several deployment options: Docker, Puppet, Chef, Ansible;
  • Supports monitoring of cloud services, including AWS and Azure;
  • Includes a comprehensive rule set for detecting many types of attacks and lets you map findings to PCI DSS v3.1 and CIS requirements;
  • Integrates with Splunk for log storage and event analysis and visualization, and offers API support.

Disadvantages

  • Complex architecture: requires a full Elastic Stack deployment in addition to the Wazuh backend components.

Prelude OSS

Prelude OSS is the open-source version of the commercial Prelude SIEM, developed by the French company CS. It is a flexible, modular SIEM that supports many log formats and integrates with third-party tools such as OSSEC, Snort and the Suricata network detection engine.

Every event is normalized into an IDMEF message, which simplifies exchanging data with other systems. But there is a fly in the ointment: Prelude OSS is very limited in performance and functionality compared with the commercial Prelude SIEM, and is intended more for small projects, or for learning about SIEM solutions and evaluating Prelude SIEM.
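As an added example (not Prelude's own code), here is what that normalization step amounts to: a normalized alert serialized into an IDMEF message following the element structure of RFC 4765, then read back the way another consumer would. The namespace, mandatory attributes and child order are the RFC's; the event, analyzer identifiers and rule URL are constructed.

```python
"""Serialize a normalized alert as an IDMEF message (RFC 4765), the exchange
format Prelude normalizes events into, and read the key fields back.

Added example following the RFC's element structure; not Prelude's code.  The
event, analyzer identifiers and rule URL below are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"
NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def q(tag):
    """Clark notation for a tag in the IDMEF namespace."""
    return f"{{{IDMEF_NS}}}{tag}"


def ntpstamp(dt):
    """CreateTime carries a mandatory 'ntpstamp': two 32-bit hex words, whole
    seconds since 1900 and the binary fraction of a second."""
    unix = dt.timestamp()
    secs = int(unix) + NTP_UNIX_OFFSET
    frac = int((unix - int(unix)) * (1 << 32))
    return f"0x{secs:08x}.0x{frac:08x}"


def to_idmef(event):
    """Build <IDMEF-Message><Alert>; child order follows the RFC 4765 DTD:
    Analyzer, CreateTime, Source*, Target*, Classification, Assessment."""
    ET.register_namespace("idmef", IDMEF_NS)
    root = ET.Element(q("IDMEF-Message"), version="1.0")
    alert = ET.SubElement(root, q("Alert"), messageid=event["id"])

    analyzer = ET.SubElement(alert, q("Analyzer"),
                             analyzerid=event["analyzer_id"], name=event["analyzer"])
    ET.SubElement(ET.SubElement(analyzer, q("Node")), q("name")).text = event["sensor"]

    ts = event["ts"]
    create = ET.SubElement(alert, q("CreateTime"), ntpstamp=ntpstamp(ts))
    create.text = ts.strftime("%Y-%m-%dT%H:%M:%SZ")

    # Source and Target share one shape: Node/Address plus an optional Service/port.
    for role, key in (("Source", "src"), ("Target", "dst")):
        side = ET.SubElement(alert, q(role))
        address = ET.SubElement(ET.SubElement(side, q("Node")), q("Address"), category="ipv4-addr")
        ET.SubElement(address, q("address")).text = event[key]["ip"]
        if "port" in event[key]:
            ET.SubElement(ET.SubElement(side, q("Service")), q("port")).text = str(event[key]["port"])

    classification = ET.SubElement(alert, q("Classification"), text=event["name"])
    reference = ET.SubElement(classification, q("Reference"), origin="vendor-specific")
    ET.SubElement(reference, q("name")).text = event["rule_id"]
    ET.SubElement(reference, q("url")).text = event["rule_url"]

    ET.SubElement(ET.SubElement(alert, q("Assessment")), q("Impact"),
                  severity=event["severity"], completion="succeeded", type="admin")
    return ET.tostring(root, encoding="unicode")


def summarize_idmef(xml_text):
    """Read the fields another IDMEF consumer keys on; this also confirms the
    message parses back with the namespace intact."""
    ns = {"i": IDMEF_NS}
    alert = ET.fromstring(xml_text).find("i:Alert", ns)
    return {
        "messageid": alert.get("messageid"),
        "src": alert.findtext("i:Source/i:Node/i:Address/i:address", namespaces=ns),
        "dst": alert.findtext("i:Target/i:Node/i:Address/i:address", namespaces=ns),
        "classification": alert.find("i:Classification", ns).get("text"),
        "severity": alert.find("i:Assessment/i:Impact", ns).get("severity"),
        "created": alert.findtext("i:CreateTime", namespaces=ns),
    }


# Constructed event: the outcome of a brute-force-then-success correlation.
SAMPLE_EVENT = {
    "id": "alert-0001",
    "analyzer_id": "corr-engine-01",      # hypothetical analyzer identifier
    "analyzer": "example-correlator",     # hypothetical analyzer name
    "sensor": "siem.example.internal",
    "ts": datetime(2024, 5, 1, 10, 0, 12, tzinfo=timezone.utc),
    "src": {"ip": "203.0.113.9", "port": 50126},
    "dst": {"ip": "192.0.2.10", "port": 22},
    "name": "SSH brute force followed by successful root login",
    "rule_id": "bruteforce_then_success",
    "rule_url": "https://siem.example.internal/rules/bruteforce_then_success",  # hypothetical
    "severity": "high",
}

if __name__ == "__main__":
    print(to_idmef(SAMPLE_EVENT))
    print(summarize_idmef(to_idmef(SAMPLE_EVENT)))
```

The two-word ntpstamp is the detail most home-grown IDMEF emitters get wrong: it is seconds since 1900, not the Unix epoch, so the offset above has to be applied before rendering it in hex.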

Advantages

  • A time-tested system, in development since 1998;
  • Supports many log formats;
  • Normalizes data to the IDMEF format, which makes it easy to exchange data with other security systems.

Disadvantages

  • Significantly limited functionality and performance compared with other open-source SIEMs.

Sagan

Sagan is a high-performance SIEM that emphasizes compatibility with Snort. In addition to supporting rules written for Snort, Sagan can write to a Snort database and can be used with the Sguil interface. Essentially, it is a lightweight, multi-threaded solution that offers new features while remaining familiar to Snort users.
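An added example, not Sagan's source, of the idea behind that Snort compatibility: a small evaluator that parses Snort-style rule syntax and applies the content, nocase, negated-content and program checks to syslog lines. It supports only a handful of rule options, the rules and SIDs are constructed, and the log lines are constructed as well.

```python
"""Minimal evaluator for Snort-style rules applied to log lines, the idea behind
Sagan's Snort compatibility.

Added example, not Sagan's code: it understands only the rule header plus the
msg, content (with '!' negation), nocase, program, sid and classtype options,
which is enough to show how a Snort rule body applies to a syslog line.
Rules, SIDs and log lines are constructed."""
import re
from dataclasses import dataclass, field

# Constructed rules in Snort syntax.  'program:' names the syslog program, as in
# Sagan rules; the SIDs are arbitrary.
RULES_TEXT = r'''
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[OPENSSH] Authentication failure"; program: sshd; content:"Failed password"; classtype: unsuccessful-user; sid:5000001; rev:1;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[SUDO] Command run as root"; program: sudo; content:"command="; nocase; content:!"USER=deploy"; classtype: successful-admin; sid:5000002; rev:1;)
'''
# Constructed syslog lines in "<timestamp> <host> <program>[pid]: <message>" shape.
LOG_TEXT = """\
2024-05-01T10:00:04Z host1 sshd[1201]: Failed password for root from 203.0.113.9 port 50123 ssh2
2024-05-01T10:00:15Z host1 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
2024-05-01T10:00:30Z host1 sudo[1401]:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
2024-05-01T10:00:31Z host1 cron[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+\S+\s+\((.*)\)\s*$")
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<program>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")


@dataclass
class Content:
    pattern: str
    nocase: bool = False
    negate: bool = False


@dataclass
class Rule:
    action: str
    proto: str
    msg: str = ""
    sid: int = 0
    programs: list = field(default_factory=list)
    contents: list = field(default_factory=list)
    options: dict = field(default_factory=dict)


def split_options(body):
    """Split 'k:v; k2; k3:"a;b"' on semicolons that are outside double quotes."""
    parts, buf, in_quotes = [], [], False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if "".join(buf).strip():
        parts.append("".join(buf).strip())
    return parts


def parse_rule(line):
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"bad rule header: {line!r}")
    rule = Rule(action=m.group(1), proto=m.group(2))
    for opt in split_options(m.group(3)):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "content":
            rule.contents.append(Content(val.lstrip("!").strip('"'), negate=val.startswith("!")))
        elif key == "nocase" and rule.contents:
            rule.contents[-1].nocase = True   # modifies the preceding content, as in Snort
        elif key == "msg":
            rule.msg = val.strip('"')
        elif key == "sid":
            rule.sid = int(val)
        elif key == "program":
            rule.programs = [p.strip() for p in val.split("|")]
        else:
            rule.options[key] = val           # classtype, rev, ... kept but not evaluated
    return rule


def match_line(rule, line):
    """A line matches when its program is allowed and every content test passes."""
    m = SYSLOG_RE.match(line)
    if not m:
        return False
    if rule.programs and m["program"] not in rule.programs:
        return False
    for c in rule.contents:
        hay, needle = (m["msg"].lower(), c.pattern.lower()) if c.nocase else (m["msg"], c.pattern)
        if (needle in hay) == c.negate:       # present-but-negated or absent-but-required
            return False
    return True


def run(rules_text, log_text):
    """Return (sid, msg, line) for every rule that fires on every line."""
    rules = [parse_rule(l) for l in rules_text.strip().splitlines() if l.strip() and not l.startswith("#")]
    return [(r.sid, r.msg, line) for line in log_text.strip().splitlines() for r in rules if match_line(r, line)]


if __name__ == "__main__":
    for sid, msg, line in run(RULES_TEXT, LOG_TEXT):
        print(f"sid {sid}: {msg} <- {line}")
```

Only the sshd failure and the sudo line fire; the successful key login and the cron entry do not, because the program filter and the required content both have to hold.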

Advantages

  • Fully compatible with the Snort database, rules and user interface;
  • Multi-threaded architecture delivers high performance.

Disadvantages

  • A relatively young project with a small community;
  • A complex installation process that involves building the whole SIEM from source.

Conclusion

Each of the SIEMs described has its own features and limitations, so none of them can be called a universal solution for every organization. However, all of them are open source, which lets you deploy, test and evaluate them without excessive cost.

Source: www.hab.com