Network indexing system Arkime 5.0 released

Arkime 5.0, a system for capturing, storing and indexing network packets, has been released. It provides tools for monitoring traffic flows and for investigating incidents involving network activity. The project was originally developed by AOL with the aim of creating an open alternative to proprietary packet-capture platforms, one that can be deployed on an organisation's own servers and can process traffic at speeds of tens of gigabits per second. The traffic-capture code is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported. Ready-made packages are prepared for Arch Linux, RHEL/CentOS and Ubuntu.

Arkime includes tools for capturing and indexing large volumes of PCAP traffic, as well as tools for quickly retrieving the indexed data. Using the standard PCAP format greatly simplifies integration with existing analysis tools such as Wireshark. The amount of stored data is limited only by the size of the available disk space. Session metadata is placed in a cluster based on the Elasticsearch or OpenSearch engine. The traffic-capture component runs in multiple threads and handles sniffing, writing PCAP dumps to disk, parsing the captured packets, and sending session metadata (SPI, Stateful Packet Inspection) and protocol information to the Elasticsearch/OpenSearch cluster. PCAP files can be stored in encrypted form.
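The split described above, raw PCAP on disk and per-session metadata in a search index, can be illustrated with a small parser. The following is an added example, not Arkime's code or its session schema: it reads a classic PCAP file, skips frames that are not IPv4 TCP/UDP, and rolls the remaining packets up into direction-agnostic sessions (protocol, sorted endpoint pair, packet and byte counts, first and last timestamp) serialised as JSON. The sample capture, MAC addresses, IP addresses and ports are all constructed inline.

```python
"""Added example (not Arkime's code): parse a classic PCAP and aggregate packets
into per-session metadata of the kind an indexer would ship to a search cluster."""
import json
import struct
from dataclasses import dataclass, asdict

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def iter_records(data: bytes):
    """Yield (timestamp, frame_bytes) for every record in a classic pcap file."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        e = "<"
    elif magic == 0xD4C3B2A1:    # same magic, file written big-endian
        e = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(e + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record")
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def five_tuple(frame: bytes):
    """Return (proto, src_ip, sport, dst_ip, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4                     # 14-byte Ethernet + IHL
    proto = frame[23]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(frame) < l4 + 4:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return proto, src, sport, dst, dport


@dataclass
class Session:
    proto: int
    endpoint_a: tuple
    endpoint_b: tuple
    packets: int = 0
    bytes: int = 0
    first_ts: float = 0.0
    last_ts: float = 0.0


def sessions_from_pcap(data: bytes) -> dict:
    """Aggregate packets into sessions keyed by (proto, sorted endpoint pair)."""
    sessions = {}
    for ts, frame in iter_records(data):
        ft = five_tuple(frame)
        if ft is None:                # ARP, IPv6, ICMP and so on are skipped here
            continue
        proto, src, sport, dst, dport = ft
        a, b = sorted([(src, sport), (dst, dport)])   # both directions share one key
        s = sessions.get((proto, a, b))
        if s is None:
            s = sessions[(proto, a, b)] = Session(proto, a, b, first_ts=ts, last_ts=ts)
        s.packets += 1
        s.bytes += len(frame)
        s.first_ts, s.last_ts = min(s.first_ts, ts), max(s.last_ts, ts)
    return sessions


def sessions_as_json(sessions: dict) -> str:
    """Serialise the session table as a search index would receive it."""
    return json.dumps([asdict(s) for s in sessions.values()], indent=2)


# Constructed sample capture (not a real trace): made-up MACs, IPs and ports.
def _frame(src_ip, sport, dst_ip, dport, proto, payload=b""):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4


def _pcap(records):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec, usec = divmod(int(ts * 1_000_000), 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = _pcap([
    (1700000000.00, _frame("10.0.0.5", 40000, "192.0.2.10", 443, IPPROTO_TCP)),
    (1700000000.01, _frame("192.0.2.10", 443, "10.0.0.5", 40000, IPPROTO_TCP)),
    (1700000000.02, _frame("10.0.0.5", 40000, "192.0.2.10", 443, IPPROTO_TCP, b"x" * 100)),
    (1700000001.00, _frame("10.0.0.5", 53000, "192.0.2.53", 53, IPPROTO_UDP, b"q" * 30)),
    (1700000002.00, b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28),  # ARP, ignored
])

if __name__ == "__main__":
    print(sessions_as_json(sessions_from_pcap(SAMPLE_PCAP)))
```

The session key sorts the two endpoints so that request and reply packets land in the same record, which is what makes the per-session counts useful for triage; the raw frames are never stored in the index, only located by it.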

For analysing the collected data, a web interface is provided that allows searching, filtering and exporting samples. The web interface offers several views: from statistics, connection maps and graphs visualising changes in network activity over time, to tools for studying individual sessions, analysing events by the protocols used, and parsing data from PCAP. An API is also provided that allows exporting captured packet data in PCAP format and filtered sessions in JSON format to third-party applications.


In the new version:

  • Added the ability to submit bulk search queries through the Cont3xt service, gathering information from various open sources (OSINT) about several objects at once.
  • Added support for the JA4 and JA4+ traffic fingerprinting methods for identifying protocols and applications.
  • The layout of the block with detailed session information has been redesigned, reducing unused space and reusing the two-column layout on large screens.
  • Drop-down menus have been added to Files, History and Stats for searching across several viewer instances (Viewer) at once.
  • The authentication system has been unified and split out into a separate module, which is now used by all Arkime applications. Instead of the anonymous authentication method, the digest method is now used by default. New authentication modes have been added: basic, form, form+basic, basic+oidc, headerOnly, header+digest and header+basic.
  • All applications have been moved to a unified configuration subsystem that supports settings in several formats (ini, json, yaml) and can load settings from different sources, for example from disk, over the network via HTTPS, or from OpenSearch/Elasticsearch.
  • Added support for importing saved (offline) PCAP dumps by downloading them from a URL over HTTPS or from Amazon S3 storage, without first having to store them on the local machine.

Source: opennet.ru
