The widespread adoption of cloud computing helps companies scale their business. But using new platforms also means new threats appear. Keeping an in-house team responsible for monitoring the security of cloud services is not an easy task. The monitoring tools that exist are expensive and slow, and to some extent hard to manage when it comes to protecting large-scale cloud infrastructure. To keep their cloud security at a high level, companies need powerful, flexible and intuitive tools that go beyond what was previously available. This is where open source technologies come in very handy: they help protect the security budget, and they are built by specialists who know a great deal about their field.
The article whose translation we are publishing today gives an overview of seven open source tools for monitoring the security of cloud systems. These tools are designed to protect against hackers and cybercriminals by detecting anomalies and unsafe activity.
1. Osquery
The Osquery framework was created by Facebook. Its code was open-sourced in 2014, after the company realized it was not the only one that needed tools for monitoring low-level operating system mechanisms. Since then, Osquery has been used by specialists from companies such as Dactiv, Google, Kolide, Trail of Bits, Uptycs and many others. Only recently
Osquery's host monitoring daemon, called osqueryd, lets you schedule queries that collect data from across your organization's entire infrastructure. The daemon aggregates query results and generates logs that reflect changes in the state of the infrastructure. This helps security staff stay aware of the state of the systems and is particularly useful for detecting anomalies. Osquery's log aggregation capabilities can help you find known and unknown malware, as well as determine where attackers got into your systems and which programs they installed.
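The paragraph above describes osqueryd's central trick: a scheduled query is run repeatedly, and only rows that appeared or disappeared since the previous run are written to the results log. The following Python is an added illustration of that differential behaviour, not code from the Osquery project. The `listening_ports` table and its columns are real osquery tables; the schedule entry, the two result sets, the host name and the timestamps are constructed for the example, and the event shape only follows the general layout of osqueryd's results log.

```python
import json
from typing import Dict, List

# Constructed example of one entry from an osqueryd "schedule" section.
# The listening_ports table and its columns are real osquery tables; the
# query name and interval are assumptions for this illustration.
SCHEDULE = {
    "listening_ports": {
        "query": "SELECT pid, port, protocol, address FROM listening_ports;",
        "interval": 60,
    }
}

# Constructed result sets standing in for two consecutive runs of that query.
RUN_1: List[Dict[str, str]] = [
    {"pid": "412", "port": "22", "protocol": "6", "address": "0.0.0.0"},
    {"pid": "977", "port": "443", "protocol": "6", "address": "0.0.0.0"},
]
RUN_2: List[Dict[str, str]] = [
    {"pid": "412", "port": "22", "protocol": "6", "address": "0.0.0.0"},
    {"pid": "1533", "port": "8080", "protocol": "6", "address": "0.0.0.0"},
]


def row_key(row: Dict[str, str]) -> str:
    """Canonical string for a result row so rows can be compared across runs."""
    return json.dumps(row, sort_keys=True)


def _event(name: str, host: str, unix_time: int, columns: Dict[str, str], action: str) -> dict:
    # Field names follow the general shape of osqueryd's results log;
    # hostIdentifier and unixTime values here are constructed.
    return {"name": name, "hostIdentifier": host, "unixTime": unix_time,
            "columns": columns, "action": action}


def differential(name: str, previous: List[Dict[str, str]], current: List[Dict[str, str]],
                 host: str = "host-01.example", unix_time: int = 0) -> List[dict]:
    """Emit one event per row that appeared ("added") or disappeared ("removed")
    between two runs of a scheduled query. Unchanged rows produce nothing, which
    is what keeps the results log small on a fleet of stable hosts."""
    before = {row_key(r): r for r in previous}
    after = {row_key(r): r for r in current}
    events = []
    for key in sorted(after.keys() - before.keys()):
        events.append(_event(name, host, unix_time, after[key], "added"))
    for key in sorted(before.keys() - after.keys()):
        events.append(_event(name, host, unix_time, before[key], "removed"))
    return events


def to_results_log(events: List[dict]) -> str:
    """Serialise events as newline-delimited JSON, one line per event, which is
    the form a log shipper would forward to a central store."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_results_log(differential("listening_ports", RUN_1, RUN_2, unix_time=1700000000)))
```

Running the block prints two lines: the new listener on port 8080 as an "added" event and the vanished listener on port 443 as a "removed" event; the unchanged SSH listener is silent. A detection on top of this log only has to watch for "added" rows on ports that are not in the host's expected set.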
2. GoAudit
The GoAudit system is written in Golang, a type-safe, high-performance language. Before installing GoAudit, check that your Golang version is higher than 1.7.
3. Grapl
The project
The Grapl tool takes security-related logs (Sysmon logs or logs in plain JSON format) and converts them into subgraphs (defining the "identity" of each node). It then merges the subgraphs into a common graph (the Master Graph), which represents the actions performed in the analyzed environments. Grapl then runs Analyzers over the resulting graph, using "attacker signatures" to detect anomalies and suspicious patterns. When an analyzer identifies a suspicious subgraph, Grapl creates an Engagement construct intended for investigation. Engagement is a Python class that can be loaded, for example, into a Jupyter Notebook deployed in an AWS environment. In addition, Grapl can scale up the collection of information for an incident investigation through graph expansion.
If you want to understand Grapl better, you can look at
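To make the log-to-subgraph-to-Master-Graph-to-Analyzer pipeline described above concrete, here is an added Python sketch of the same idea. It is illustration code written for this page, not Grapl's implementation, and it does not use Grapl's schema: the process-creation events are constructed in a Sysmon-like shape with this example's own field names, the node identity rule (host plus pid) is a simplifying assumption, and the "signature" is one common graph pattern (an office document process with a shell as a direct child) expressed as an analyzer over the merged graph. The engagement step shows the one-hop graph expansion an investigator would start from.

```python
from typing import Dict, Iterable, List, Set, Tuple

# Constructed process-creation events in a Sysmon-like shape (field names are
# this example's own, not Grapl's or Sysmon's exact schema).
EVENTS = [
    {"host": "ws-07", "pid": 1200, "ppid": 800, "image": "explorer.exe", "ts": 100},
    {"host": "ws-07", "pid": 1300, "ppid": 1200, "image": "winword.exe", "ts": 105},
    {"host": "ws-07", "pid": 1450, "ppid": 1300, "image": "powershell.exe", "ts": 110},
    {"host": "ws-07", "pid": 1500, "ppid": 1200, "image": "notepad.exe", "ts": 120},
]

Node = Dict[str, object]
Edge = Tuple[str, str, str]  # (parent_id, relation, child_id)
Graph = Tuple[Dict[str, Node], Set[Edge]]


def identity(host: str, pid: int) -> str:
    # Assumption: host + pid identifies a process in this sample. A real system
    # also needs the creation time, because pids are reused over a host's uptime.
    return f"{host}:{pid}"


def to_subgraph(event: dict) -> Graph:
    """One event becomes a small subgraph: the process node, its parent node
    (attributes unknown from this event alone) and a 'children' edge."""
    child = identity(event["host"], event["pid"])
    parent = identity(event["host"], event["ppid"])
    nodes: Dict[str, Node] = {child: {"image": event["image"], "created": event["ts"]}, parent: {}}
    return nodes, {(parent, "children", child)}


def merge(subgraphs: Iterable[Graph]) -> Graph:
    """Union all subgraphs into one master graph. Nodes with the same identity
    are merged, so a bare parent placeholder from one event picks up the
    attributes recorded when that same process was seen being created."""
    nodes: Dict[str, Node] = {}
    edges: Set[Edge] = set()
    for sub_nodes, sub_edges in subgraphs:
        for nid, attrs in sub_nodes.items():
            nodes.setdefault(nid, {}).update(attrs)
        edges |= sub_edges
    return nodes, edges


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}


def analyzer_office_spawns_shell(graph: Graph) -> List[Edge]:
    """Analyzer: a signature expressed as a graph pattern rather than as a
    per-event condition. Returns every matching parent->child edge."""
    nodes, edges = graph
    return sorted(e for e in edges
                  if nodes[e[0]].get("image") in OFFICE and nodes[e[2]].get("image") in SHELLS)


def engagement(graph: Graph, hit: Edge) -> Dict[str, Node]:
    """Expand a hit into the material an investigator needs: the two matched
    processes plus every node one edge away from either of them."""
    nodes, edges = graph
    focus = {hit[0], hit[2]}
    neighbours = {e[0] for e in edges if e[2] in focus} | {e[2] for e in edges if e[0] in focus}
    return {nid: nodes[nid] for nid in sorted(focus | neighbours)}


if __name__ == "__main__":
    master = merge(to_subgraph(e) for e in EVENTS)
    for hit in analyzer_office_spawns_shell(master):
        print("hit:", hit)
        print("engagement:", engagement(master, hit))
```

The point of going through a graph rather than matching single log lines is visible in `merge`: the parent of the powershell.exe process is only a placeholder in that one event, but after merging it carries the image name recorded when winword.exe itself was created, which is what lets the analyzer evaluate a parent-child relationship at all.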
4. OSSEC
OSSEC combines the capabilities of a Host-Based Intrusion Detection System (HIDS) with those of a Security Incident Management (SIM) and Security Information and Event Management (SIEM) system. OSSEC can also monitor file integrity in real time. This makes it possible, for example, to watch the Windows registry and detect rootkits. OSSEC can notify the people concerned about detected problems in real time and helps respond quickly to the threats it finds. The platform supports Microsoft Windows and most modern Unix-like systems, including Linux, FreeBSD, OpenBSD and Solaris.
The OSSEC platform has a central control entity, the manager, which receives and monitors information from agents (small programs installed on the systems that need to be monitored). The manager is installed on a Linux system and keeps a database used to check file integrity. It also stores logs, event records and the results of system audits.
The OSSEC project is currently supported by Atomicorp. The company maintains the free open source version and, in addition, offers
5. Suricata
This product appeared in 2009. Its operation is rule-based: the person using it describes particular characteristics of network traffic. When a rule fires, Suricata generates an alert, and blocks or drops the suspicious connection, which in turn depends on the rules that were specified. The project also supports multi-threaded operation. This makes it possible to process large numbers of rules quickly in networks that carry large volumes of traffic. Thanks to multi-threading, an entirely ordinary server is capable of analysing traffic flowing at 10 Gbit/s. In that case the administrator does not have to cut down the rule set used for traffic analysis. Suricata also supports hashing and file extraction.
Suricata can be configured to run on regular servers or on virtual machines, such as AWS, using a capability recently introduced in the product.
The project supports Lua scripts, which can be used to build complex and detailed logic for analysing threat signatures.
The Suricata project is led by the Open Information Security Foundation (OISF).
6. Zeek (Bro)
Like Suricata,
If we consider Zeek as a network security tool, we can say that it gives the specialist the ability to investigate an incident by learning what happened before or during it. Zeek also converts network traffic data into high-level events and provides a script interpreter to work with them. The interpreter supports a programming language used to interact with events and work out what exactly those events mean in terms of network security. Zeek's programming language can be used to customise how metadata is interpreted to suit the organisation's specific needs. It allows you to build complex logical conditions using the AND, OR and NOT operators. This gives users the ability to customise how their environment is analysed. However, it should be noted that, compared to Suricata, Zeek may seem a rather complicated tool when it comes to threat intelligence.
If you want more information about Zeek, please refer to
7. Panther
Among the main features of Panther are the following:
- Detection of unauthorised access to resources by analysing logs.
- Threat detection, performed by searching logs for indicators that point to security problems. The search uses Panther's standardised data fields.
- Checking a system's compliance with the SOC/PCI/HIPAA standards using Panther's built-in mechanisms.
- Protection of your cloud resources by automatically fixing misconfigurations that could lead to serious problems if exploited by attackers.
Panther is deployed in the organisation's AWS cloud using AWS CloudFormation. This lets the user keep full control over their data at all times.
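Panther's log-based detections are written as Python rules, so here is an added example of one, written for this page rather than taken from Panther's rule set. The functions `rule`, `title`, `dedup` and `severity` are the real entry points Panther's rule engine calls; the `deep_get` helper is a local stand-in for Panther's helper of the same name so the block runs offline; the three CloudTrail-style console login events are constructed, with `p_log_type` and `p_event_time` standing in for the standardised fields Panther adds at ingest; and `run` is a tiny driver imitating the engine loop, not part of the Panther API. The rule flags a successful console login by an IAM user that did not use MFA.

```python
from typing import Any, List

# Constructed CloudTrail-style console login events. The "p_" fields stand in
# for Panther's standardised fields added at ingest; the rest follow the shape
# of a CloudTrail ConsoleLogin record.
EVENTS = [
    {"p_log_type": "AWS.CloudTrail", "p_event_time": "2024-01-01T08:00:00Z",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "203.0.113.10"},
    {"p_log_type": "AWS.CloudTrail", "p_event_time": "2024-01-01T08:05:00Z",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "203.0.113.11"},
    {"p_log_type": "AWS.CloudTrail", "p_event_time": "2024-01-01T08:06:00Z",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "203.0.113.12"},
]


def deep_get(event: dict, *keys: str, default: Any = None) -> Any:
    """Local stand-in for Panther's deep_get helper: walk nested dicts safely."""
    cur: Any = event
    for k in keys:
        if not isinstance(cur, dict) or k not in cur:
            return default
        cur = cur[k]
    return cur


def rule(event: dict) -> bool:
    """Fire on a successful console login by an IAM user that did not use MFA.
    Failed logins are left to a separate brute-force rule; SSO/federated
    identities are excluded because MFA is enforced by the IdP there."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if deep_get(event, "responseElements", "ConsoleLogin") != "Success":
        return False
    if deep_get(event, "userIdentity", "type") != "IAMUser":
        return False
    return deep_get(event, "additionalEventData", "MFAUsed") == "No"


def title(event: dict) -> str:
    user = deep_get(event, "userIdentity", "userName", default="<unknown>")
    return f"Console login without MFA by IAM user {user} from {event.get('sourceIPAddress')}"


def dedup(event: dict) -> str:
    # Group repeated hits for the same user into one alert within the dedup window.
    return deep_get(event, "userIdentity", "userName", default="<unknown>")


def severity(event: dict) -> str:
    return "HIGH"


def run(events: List[dict]) -> List[str]:
    """Tiny driver imitating the engine loop (not a Panther API): evaluate the
    rule on each event and collect the alert titles."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for line in run(EVENTS):
        print(line)
```

Only alice's event produces an alert: bob used MFA and carol's attempt failed. Keeping the exclusions explicit in `rule` (failed logins, non-IAM identities) is what keeps a rule like this from paging on noise once it runs against a whole account's CloudTrail stream.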
Conclusions
Monitoring system security is an important task these days. Companies of any size can be helped with this task by open source tools that offer a wide range of capabilities and cost next to nothing or are free.
Dear readers! Which security monitoring tools do you use?
Source: www.habr.com