Welcome to article XNUMX of the series on the Check Point SandBlast Agent Management Platform solution. The previous articles are available at the corresponding links.
Logs
The main source of information for monitoring security events is the Logs section. It shows detailed information on each incident, and convenient filters let you narrow the search. For example, right-clicking a parameter of the log of interest (blade, action, severity, and so on) lets you filter on that parameter as either "Filter: parameter" or "Filter out: parameter". For the [Source] parameter you can also choose the [IP Tools] option, which lets you ping the given IP address or name, or run nslookup on the source IP address or name.
The Logs section also has a Statistics subsection for filtering events. It shows statistics for every parameter (a timeline graph with log counts and the share of each parameter value). In this subsection you can filter logs easily without the search bar and without writing a filter expression: simply select the parameter value you want, and the matching logs appear in the list immediately.
Detailed information on each log is shown in the panel on the right side of the Logs section, but to analyse its contents it is more convenient to double-click the log and open it. Below is an example of a log (the image is clickable) with details on the Threat Emulation blade's Prevent action triggered on an infected .docx file. The log has several subsections that describe the security event: the policy and protection that were triggered, forensics details, and information about the client and the traffic. Particular attention should be paid to the reports that can be obtained from the log, namely the Threat Emulation report and the Forensics report. These reports can also be opened from the SandBlast Agent client.
Threat Emulation Report
When the Threat Emulation blade is in use, a link to the detailed report on the emulation results (the Threat Emulation Report) appears in the corresponding log once emulation has been performed in the Check Point cloud. The contents of such a report are described in detail in the following article.
Forensics Report
A Forensics report is generated for almost every security event. It contains detailed information about the malicious file: its characteristics, the actions it performed, its entry point into the system, and its impact on important business assets. The structure of the report was described in detail in the following article.
SmartView
Check Point SmartView is a convenient tool for creating and viewing dynamic dashboards (Views) and reports in PDF format. SmartView also lets you view administrator user logs and audit events. The figure below shows the reports and dashboards that are most useful when working with SandBlast Agent.
SmartView reports are documents containing statistical information on events over a given period. Through SmartView you can download a report to your machine in PDF format and schedule periodic delivery of reports in PDF or Excel format to the administrator's email. Import and export of report templates, creation of custom reports, and hiding of user names in reports are also supported. The figure below shows an example of the built-in Threat Prevention report.
With SmartView dashboards (Views), an administrator can reach the logs of the corresponding events simply by double-clicking an object of interest, such as a column in a graph or the name of a malicious file. As with reports, you can create your own dashboards and hide user data. Dashboards support template import and export, periodic delivery in PDF or Excel format to the administrator's email, and automatic data refresh for monitoring security events in real time.
Additional monitoring sections
A description of the Management Platform's monitoring tools would be incomplete without mentioning the Overview, Computer Management, Endpoint Settings and Push Operations sections. These sections are described in more detail below.
From the Computer Management section you can monitor the status of the agent on user machines, the update status of the Anti-Malware database, the disk encryption stage, and more. All data is refreshed automatically, and the share of user machines matching each filter is displayed. Computer data can also be exported in CSV format.
An important aspect of monitoring workstation security is configuring notifications about critical events (Alerts) and exporting logs for storage on the corporate log server (Export Events). Both are configured in the Endpoint Settings section. For Alerts you can connect a mail server for sending event notifications to administrators, and configure thresholds that trigger or suppress a notification depending on the percentage or number of devices that meet the event criteria. Export Events lets you configure forwarding of logs from the Management Platform to the company's log server for further processing. Supported are the SYSLOG, CEF, LEEF and SPLUNK formats, the TCP and UDP protocols, any SIEM system running a syslog agent, the use of TLS/SSL encryption, and syslog client authentication.
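The export formats listed above are the hand-off point to a SIEM. As an added example that is not part of the original article or of Check Point's code, here is a small Python parser for CEF records of that kind, run over two constructed sample lines (the field values are made up for illustration), plus a helper that keeps only Prevent/Quarantine events at or above a severity threshold, the sort of filter one would wire into SIEM detection logic.

```python
import re
# Constructed sample records in CEF form (illustrative, not real product output).
# Header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity| then key=value extension.
SAMPLE_CEF = [
    "CEF:0|Check Point|SandBlast Agent|1.0|Threat Emulation|Malicious file prevented|10|"
    "src=10.0.0.5 dst=203.0.113.7 fname=invoice.docx act=Prevent cs1=Threat Emulation cs1Label=blade",
    "CEF:0|Check Point|SandBlast Agent|1.0|Anti-Malware|File a\\|b quarantined|7|"
    "src=10.0.0.9 fname=a\\=b.exe act=Quarantine msg=path C:\\\\Temp\\\\a.exe",
]
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # extension keys follow start-of-line or whitespace

def _split_header(line):
    """Split the seven header fields on unescaped '|' ('\\|' is a literal pipe); return (fields, rest)."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):  # escaped character: keep the next char verbatim
            buf.append(line[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    return fields, line[i:]

def _parse_extension(ext):
    """Parse 'key=value' pairs; values may contain spaces, and '\\=' / '\\\\' are unescaped."""
    out, keys = {}, list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = re.sub(r"\\([\\=])", r"\1", ext[m.end():end])
    return out

def parse_cef(line):
    """Turn one CEF record into a dict; the severity field is assumed to be numeric (0-10)."""
    header, ext = _split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % line[:40])
    _, vendor, product, version, sig_id, name, severity = header
    return {"vendor": vendor, "product": product, "version": version, "signature_id": sig_id,
            "name": name, "severity": int(severity), "ext": _parse_extension(ext)}

def blocked_events(lines, min_severity=7):
    """Records where the agent blocked something (Prevent/Quarantine) at or above the threshold."""
    return [e for e in map(parse_cef, lines)
            if e["severity"] >= min_severity and e["ext"].get("act") in ("Prevent", "Quarantine")]
```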
When you need an in-depth analysis of events on an agent, or when contacting technical support, you can quickly collect logs from the SandBlast Agent client with a forced operation in the Push Operations section. The generated archive of logs can be configured to be sent to a Check Point server or to a corporate server; the archive is saved in the C:\Users\username\CPInfo directory on the user's machine. Starting the log collection process at a specified time and allowing the user to postpone the operation are also supported.
Threat Hunting
Threat Hunting is used to proactively search for malicious activity and anomalous behaviour in the system and to investigate potential security incidents further. The Threat Hunting section of the Management Platform lets you search the data from user machines for events with specified parameters.
The Threat Hunting tool includes several predefined queries, for example for classifying malicious domains or files, or for tracking rare requests to specific IP addresses (rare relative to the overall statistics). A query is built from XNUMX parameters: an indicator (network protocol, process identifier, file type, and so on), an operator ("is", "is not", "includes", "one of", and so on), and the request body. Regular expressions can be used in the request body, and several filters can be applied at the same time in the search bar.
Once you have chosen the filters and the query has been processed, you get access to all related events and can view detailed information about an event, quarantine the object the query matched, or generate a detailed Forensics report with a description of the event. At present this tool is in beta; in the future its feature set is planned to be extended, for example by adding event information in the form of the MITRE ATT&CK matrix.
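To make the query structure concrete, here is an added Python example (not part of the original article or of the product) that models a Threat Hunting query as a list of (indicator, operator, body) filters evaluated over constructed endpoint events, together with a "rare destination" check in the spirit of the predefined queries. The event record shape and the "matches" operator name for regular-expression bodies are assumptions.

```python
import re
from collections import Counter

# Constructed endpoint events in the shape a Threat Hunting query searches
# (illustrative sample data, not records from the product).
EVENTS = [
    {"host": "ws-01", "process": "winword.exe", "protocol": "https", "dst_ip": "203.0.113.7", "file_type": "docx"},
    {"host": "ws-02", "process": "powershell.exe", "protocol": "https", "dst_ip": "198.51.100.23", "file_type": "ps1"},
    {"host": "ws-03", "process": "chrome.exe", "protocol": "dns", "dst_ip": "192.0.2.53", "file_type": ""},
    {"host": "ws-04", "process": "svchost.exe", "protocol": "http", "dst_ip": "198.51.100.23", "file_type": "exe"},
]

# Operators named in the article ("is", "is not", "includes", "one of"); "matches" is an assumed
# name for the regular-expression case, since the article only says regex is allowed in the body.
OPERATORS = {
    "is": lambda value, body: value == body,
    "is not": lambda value, body: value != body,
    "includes": lambda value, body: body in value,
    "one of": lambda value, body: value in [x.strip() for x in body.split(",")],
    "matches": lambda value, body: re.search(body, value) is not None,
}

def hunt(events, filters):
    """Return the events that satisfy every (indicator, operator, body) filter (filters are ANDed)."""
    def accepted(event):
        for indicator, operator, body in filters:
            if operator not in OPERATORS:
                raise ValueError("unknown operator: %s" % operator)
            if not OPERATORS[operator](str(event.get(indicator, "")), body):
                return False
        return True
    return [event for event in events if accepted(event)]

def rare_destinations(events, max_count=1):
    """Predefined-query style check: destination IPs seen at most max_count times across all events."""
    counts = Counter(event["dst_ip"] for event in events)
    return sorted(ip for ip, n in counts.items() if n <= max_count)

def hosts(events):
    """Host names of the given events, in input order (convenient for reading results)."""
    return [event["host"] for event in events]
```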
Conclusion
To sum up: in this article we looked at the SandBlast Agent Management Platform's capabilities for monitoring security events and examined Threat Hunting, a new tool for proactively searching for malicious actions and anomalies on user machines. The next article will be the last in this series; it will address the questions most frequently asked about the Management Platform solution and explain how the product can be tested.
Source: habr.com