7 open source cloud security monitoring tools worth knowing about

The widespread adoption of cloud computing helps companies scale their business. But using new platforms also means new threats appear. Keeping an in-house team responsible for monitoring the security of cloud services is not an easy task. Existing monitoring tools are expensive and slow. They are, to some extent, hard to manage when it comes to securing large-scale cloud infrastructure. To keep their cloud security at a high level, companies need powerful, flexible and intuitive tools that go beyond what was previously available. This is where open source technologies come in handy: they help save security budgets and are built by specialists who know their field well.


The article, a translation of which we are publishing today, gives an overview of seven open source tools for monitoring the security of cloud systems. These tools are designed to protect against hackers and cybercriminals by detecting anomalies and unsafe activity.

1. Osquery

Osquery is a system for low-level monitoring and analysis of operating systems that lets security professionals perform complex data mining using SQL. The Osquery framework runs on Linux, macOS, Windows and FreeBSD. It represents the operating system (OS) as a high-performance relational database, which lets security specialists examine the OS by running SQL queries. For example, a query can tell you about running processes, loaded kernel modules, open network connections, installed browser extensions, hardware events and file hashes.

The Osquery framework was created by Facebook. Its code was open-sourced in 2014, after the company realized it was not the only one in need of low-level operating system monitoring tools. Since then, Osquery has been used by specialists from companies such as Dactiv, Google, Kolide, Trail of Bits, Uptycs and many others. It was recently announced that the Linux Foundation and Facebook are going to set up a foundation to support Osquery.

Osquery's host monitoring daemon, osqueryd, lets you schedule queries that collect data from your organization's entire infrastructure. The daemon collects the query results and generates logs that reflect changes in the state of the infrastructure. This helps security staff stay aware of the state of their systems and is especially useful for detecting anomalies. Osquery's log aggregation capabilities can help you find both known and unknown malware, determine where attackers got into your systems, and learn which programs they installed. Read more about anomaly detection using Osquery here.
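To make the state-change mechanism concrete, here is an added example (not code from the original article or from the osquery project) of the kind of consumer a security team writes on top of osqueryd's result log. It shows the scheduled-query configuration that would produce the records, then parses differential result lines, in which osqueryd reports only rows "added" to or "removed" from the previous result set, and flags a listener that is not in a per-host baseline and any newly loaded kernel module. The log lines, the host name `web-01` and the `EXPECTED_PORTS` baseline are constructed for the example.

```python
import json

# osqueryd config fragment: the two scheduled queries that would emit the
# records in SAMPLE_LOG. Differential logging (the default) reports only
# rows that appeared or disappeared since the previous run.
SCHEDULE = {
    "schedule": {
        "listening_ports": {
            "query": "SELECT pid, port, protocol, address, path FROM listening_ports;",
            "interval": 300,
        },
        "kernel_modules": {
            "query": "SELECT name, size, used_by, status FROM kernel_modules;",
            "interval": 300,
        },
    }
}

# Constructed sample of osqueryd result-log lines (one JSON record per line).
SAMPLE_LOG = """\
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1590000000,"action":"added","columns":{"pid":"812","port":"443","protocol":"6","address":"0.0.0.0","path":"/usr/sbin/nginx"}}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1590000300,"action":"added","columns":{"pid":"4471","port":"4444","protocol":"6","address":"0.0.0.0","path":"/tmp/.x/nc"}}
{"name":"kernel_modules","hostIdentifier":"web-01","unixTime":1590000300,"action":"added","columns":{"name":"mod_x","size":"16384","used_by":"","status":"Live"}}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1590000600,"action":"removed","columns":{"pid":"4471","port":"4444","protocol":"6","address":"0.0.0.0","path":"/tmp/.x/nc"}}
"""

# Hypothetical baseline: the ports each host is expected to listen on.
EXPECTED_PORTS = {"web-01": {"22", "443"}}


def parse_results(text):
    """Yield one dict per non-empty JSON line of an osqueryd result log."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def detect(text, expected_ports=EXPECTED_PORTS):
    """Return (host, alert_type, detail) tuples for state changes worth a look."""
    alerts = []
    for rec in parse_results(text):
        # "removed" rows describe state leaving the host; only new state is flagged.
        if rec.get("action") != "added":
            continue
        host = rec.get("hostIdentifier", "unknown")
        cols = rec["columns"]
        if rec["name"] == "listening_ports":
            if cols["port"] not in expected_ports.get(host, set()):
                alerts.append((host, "unexpected_listener",
                               f'{cols["path"]} on port {cols["port"]}'))
        elif rec["name"] == "kernel_modules":
            # Any module loaded after the baseline run is notable; no allowlist assumed.
            alerts.append((host, "new_kernel_module", cols["name"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The nginx listener on 443 is in the baseline and produces nothing; the listener on 4444 and the module load each produce one alert, and the later "removed" row is ignored because the interesting transition already happened. In a real deployment the baseline would come from an inventory system rather than a literal dict.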

2. GoAudit

The Linux audit system has two main components. The first is kernel-level code that intercepts and monitors system calls. The second is a user-space daemon called auditd, which is responsible for writing audit results to disk. GoAudit, a system created by Slack and released in 2016, is intended to replace auditd. It improves logging by turning the multi-line event messages produced by the Linux audit system into single JSON blobs that are easier to analyze. With GoAudit you can access kernel-level messages directly over the network. You can also enable minimal event filtering on the host itself (or disable filtering entirely). At the same time, GoAudit is a project designed for more than security alone. It was built as a feature-rich tool for systems support and development specialists, and it helps in tracking down problems in large-scale infrastructure.

GoAudit is written in Golang, a type-safe, high-performance language. Before installing GoAudit, check that your Golang version is higher than 1.7.
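The "many lines into one JSON blob" transformation is the core of what GoAudit does, so here is an added example (written for this page, not GoAudit's own code) that performs the same merge on raw auditd records. Records belonging to one event share the serial in `msg=audit(<timestamp>:<serial>)`, and the kernel closes the event with a `type=EOE` record; the example groups on that serial, emits one JSON object per event, and recovers the argv of an execve from the merged `EXECVE` record. The audit lines are constructed, and the output shape (`sequence`, `timestamp`, `messages`) is this example's simplified layout rather than GoAudit's exact schema.

```python
import json
import re

# Constructed sample of raw Linux audit records as auditd writes them. One
# event (an execve of nc) spans several lines sharing serial 42 and ends with
# type=EOE; a second event (a denied open of sshd_config) has serial 43.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1590000000.123:42): arch=c000003e syscall=59 success=yes exit=0 ppid=4400 pid=4471 auid=1000 uid=1000 comm="nc" exe="/tmp/.x/nc" key="exec"
type=EXECVE msg=audit(1590000000.123:42): argc=3 a0="nc" a1="-lvp" a2="4444"
type=CWD msg=audit(1590000000.123:42): cwd="/tmp/.x"
type=PATH msg=audit(1590000000.123:42): item=0 name="/tmp/.x/nc" inode=1234 mode=0100755
type=EOE msg=audit(1590000000.123:42):
type=SYSCALL msg=audit(1590000001.500:43): arch=c000003e syscall=257 success=no exit=-13 ppid=1 pid=4502 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="sshd_config"
type=PATH msg=audit(1590000001.500:43): item=0 name="/etc/ssh/sshd_config" inode=77 mode=0100600
type=EOE msg=audit(1590000001.500:43):
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S*)')


def parse_fields(body):
    """Turn 'k=v k2="quoted v"' into a dict, dropping the quotes."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in FIELD.finditer(body)}


def merge_audit(text):
    """Group raw audit lines by serial and return one dict per event."""
    events = []
    pending = {}  # serial -> event still being assembled
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record (real input may also carry node= prefixes)
        rtype, ts, serial, body = m.groups()
        if rtype == "EOE":
            ev = pending.pop(serial, None)
            if ev is not None:
                events.append(ev)
            continue
        ev = pending.setdefault(
            serial, {"sequence": int(serial), "timestamp": ts, "messages": []})
        ev["messages"].append({"type": rtype, "data": parse_fields(body)})
    # Events that never saw an EOE are flushed at end of input rather than lost.
    events.extend(pending.values())
    return events


def to_json_lines(text):
    """Serialize each merged event as a single JSON blob on one line."""
    return [json.dumps(ev, separators=(",", ":")) for ev in merge_audit(text)]


def execve_argv(event):
    """Recover argv from the EXECVE record of a merged event, if there is one."""
    for msg in event["messages"]:
        if msg["type"] == "EXECVE":
            d = msg["data"]
            return [d[f"a{i}"] for i in range(int(d["argc"]))]
    return None


if __name__ == "__main__":
    for line in to_json_lines(SAMPLE_AUDIT):
        print(line)
```

Once events are single JSON objects, a downstream consumer can match on `exe`, `key` and argv in one place instead of re-joining records by serial at query time, which is exactly the gain the article attributes to GoAudit. Long argv values that auditd splits or hex-encodes are not handled here.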

3. Grapl

The Grapl project (Graph Analytics Platform) was open-sourced in March last year. It is a new platform for detecting security incidents, performing computer forensics and producing incident reports. Attackers tend to work in something like a graph model: they gain control of one system and explore other systems on the network starting from it. It is therefore natural for defenders to also use a mechanism built on a graph model of the connections between network systems, one that takes the relationships between those systems into account. Grapl is an attempt to implement incident detection and response on a graph model rather than a log model.

Grapl ingests security-related logs (Sysmon logs or logs in an ordinary JSON format) and turns them into subgraphs (establishing the "identity" of each node). It then merges the subgraphs into a common graph (the Master Graph), which represents the actions performed in the analyzed environments. Grapl then runs Analyzers over the resulting graph, using "attacker signatures" to detect anomalies and suspicious patterns. When an analyzer finds a suspicious subgraph, Grapl creates an Engagement construct intended for investigation. An Engagement is a Python class that can be loaded, for example, into a Jupyter Notebook deployed in an AWS environment. Grapl can also scale up the collection of information for incident investigation by expanding the graph.
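To show what "subgraph, merge, analyzer, engagement" means in practice, here is an added example (written for this page, not Grapl's own code) that walks the same pipeline on constructed Sysmon-style process-creation events from two hosts. Each event becomes a two-node subgraph whose node identity is `(host, pid)`; the subgraphs are unioned into one master graph; and an analyzer encoding the attacker signature "an Office application with a shell anywhere beneath it" returns one engagement per matching path. The hosts, images and the `OFFICE`/`SHELLS` sets are assumptions of the example.

```python
from collections import defaultdict

# Constructed Sysmon-like process-creation events (Event ID 1 fields trimmed).
EVENTS = [
    {"host": "ws-01", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "parent_image": "userinit.exe"},
    {"host": "ws-01", "pid": 200, "ppid": 100, "image": "WINWORD.EXE",    "parent_image": "explorer.exe"},
    {"host": "ws-01", "pid": 300, "ppid": 200, "image": "cmd.exe",        "parent_image": "WINWORD.EXE"},
    {"host": "ws-01", "pid": 400, "ppid": 300, "image": "powershell.exe", "parent_image": "cmd.exe"},
    {"host": "ws-02", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "parent_image": "userinit.exe"},
    {"host": "ws-02", "pid": 210, "ppid": 100, "image": "WINWORD.EXE",    "parent_image": "explorer.exe"},
    {"host": "ws-02", "pid": 310, "ppid": 210, "image": "splwow64.exe",   "parent_image": "WINWORD.EXE"},
]

OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SHELLS = {"cmd.exe", "powershell.exe"}


def node_id(host, pid):
    # Identity of a process node. Real systems also fold in the start time,
    # because PIDs are reused over the life of a host.
    return (host, pid)


def event_to_subgraph(ev):
    """One event -> a tiny graph: parent node, child node and the spawn edge."""
    parent = node_id(ev["host"], ev["ppid"])
    child = node_id(ev["host"], ev["pid"])
    nodes = {parent: ev["parent_image"], child: ev["image"]}
    edges = {(parent, child)}
    return nodes, edges


def merge(subgraphs):
    """Union all subgraphs into the master graph; shared identities collapse."""
    images, children = {}, defaultdict(set)
    for nodes, edges in subgraphs:
        images.update(nodes)
        for parent, child in edges:
            children[parent].add(child)
    return images, children


def analyzer_office_spawns_shell(images, children):
    """Attacker signature: an Office process with a shell anywhere beneath it.
    Returns one 'engagement' (host plus the image chain) per matching path."""
    engagements = []

    def walk(node, path):
        for child in sorted(children.get(node, ())):
            new_path = path + [child]
            if images[child] in SHELLS:
                engagements.append({"host": child[0],
                                    "chain": [images[n] for n in new_path]})
            walk(child, new_path)  # keep descending: shells often chain shells

    for node, image in images.items():
        if image in OFFICE:
            walk(node, [node])
    return engagements


def run(events=EVENTS):
    images, children = merge(event_to_subgraph(e) for e in events)
    return analyzer_office_spawns_shell(images, children)


if __name__ == "__main__":
    for eng in run():
        print(eng["host"], " -> ".join(eng["chain"]))
```

On `ws-01` the analyzer yields two engagements (Word to cmd, and Word to cmd to PowerShell); on `ws-02` Word spawning the print helper matches nothing. The point the graph model buys over a per-line log rule is visible in the walk: the signature spans an arbitrary number of hops, which a single-event rule cannot express.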

If you want to understand Grapl better, watch this interesting video, a recording of a talk from BSides Las Vegas 2019.

4. OSSEC

OSSEC is a project founded in 2004. It can be broadly described as an open source security monitoring platform designed for host analysis and intrusion detection. OSSEC is downloaded more than 500,000 times a year. The platform is used mainly for intrusion detection on servers, both on-premises and in the cloud. OSSEC is also commonly used to examine and analyze firewall logs, intrusion detection system logs, web server logs and authentication logs.

OSSEC combines the capabilities of a host-based intrusion detection system (HIDS) with those of security incident management (SIM) and security information and event management (SIEM) systems. OSSEC can also monitor file integrity in real time. It can, for example, watch the Windows registry and detect rootkits. OSSEC can notify the responsible people about detected problems in real time and helps respond quickly to the threats it finds. The platform supports Microsoft Windows and most modern Unix-like systems, including Linux, FreeBSD, OpenBSD and Solaris.

The OSSEC platform has a central control entity, the manager, which receives and monitors information from agents (small programs installed on the systems to be monitored). The manager is installed on a Linux system and keeps the database used to check file integrity. It also stores the logs, event records and system audit results.

The OSSEC project is currently supported by Atomicorp. The company maintains the free open source version and additionally offers an extended commercial version of the product. Here is a podcast in which the OSSEC project manager talks about the current version of the system, OSSEC 3.0. It also covers the history of the project and how it differs from the modern commercial systems used in computer security.

5. Suricata

Suricata is an open source project aimed at the main problems of computer security. In particular, it combines an intrusion detection system, an intrusion prevention system and a network security monitoring tool.

The product appeared in 2009. Its operation is rule-based: the user describes particular characteristics of network traffic, and when a rule fires Suricata generates an alert or blocks or drops the suspicious connection, again depending on the rules that were defined. The project also supports multi-threaded operation, which makes it possible to process large rule sets quickly on networks carrying large volumes of traffic. Thanks to multi-threading, an ordinary server can analyze traffic flowing at 10 Gbit/s, so the administrator does not have to trim the rule set used for traffic analysis. Suricata also supports hashing and file extraction.

Suricata can be configured to run on ordinary servers or on virtual machines, for example in AWS, using the recently introduced traffic monitoring feature there.

The project supports Lua scripts, which can be used to build complex and detailed logic for analyzing threat signatures.

The Suricata project is run by the Open Information Security Foundation (OISF).

6. Zeek (Bro)

Like Suricata, Zeek (the project was formerly called Bro and was renamed Zeek at BroCon 2018) is an intrusion detection system and network security monitoring tool that can detect anomalies such as suspicious or dangerous activity. Zeek differs from a traditional IDS in that, unlike rule-based systems that detect exceptions, Zeek also captures metadata about what is happening on the network. This is done to better understand the context of unusual network behaviour. It allows, for example, analyzing HTTP calls or certificate exchange procedures by looking at the protocol, packet headers and domain names.

If we consider Zeek as a network security tool, it gives a specialist the ability to investigate an incident by learning what happened before or during it. Zeek also converts network traffic into high-level events and provides a script interpreter to work with them. The interpreter supports a programming language used to interact with events and determine what they mean in terms of network security. Zeek's programming language can be used to tailor how metadata is interpreted to an organization's specific needs. It lets you build complex logical conditions using the AND, OR and NOT operators, which gives users control over how their environment is analyzed. It should be noted, however, that compared to Suricata, Zeek can seem a rather complex tool for threat intelligence work.

If you want more information about Zeek, see this video.

7. Panther

Panther is a powerful cloud-native platform for continuous security monitoring. It was recently open-sourced. The project's lead developer is the author of StreamAlert, an automated log analysis solution whose code was open-sourced by Airbnb. Panther gives the user a single system for centrally detecting threats across all environments and organizing the response to them. The system can grow together with the size of the infrastructure it serves. Threat detection is based on transparent, deterministic rules, which keeps false positives down and reduces needless work for security staff.

Panther's main features include the following:

  • Detection of unauthorized access to resources by analyzing logs.
  • Threat detection, performed by searching the logs for indicators of security problems. The search uses Panther's standardized data fields.
  • Checking the system for compliance with SOC/PCI/HIPAA standards using built-in Panther mechanisms.
  • Protecting your cloud resources by automatically correcting misconfigurations that could cause serious problems if exploited by attackers.

Panther is deployed into the organization's own AWS account using AWS CloudFormation, so the user always stays in control of their data.
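Panther's detections are Python rules: a function named `rule` receives one parsed log event and returns `True` to raise an alert, and an optional `title` function names the alert. The block below is an added example written for this page, not a rule shipped by Panther; it checks CloudTrail-style console logins for a successful root login without MFA (the first feature listed above, unauthorized access found by analyzing logs). The events are constructed, the nested-lookup helper is a local assumption rather than Panther's helper library, and `evaluate` stands in for the engine loop that Panther runs for you.

```python
# Constructed CloudTrail-style events, trimmed to the fields the rule reads.
EVENTS = [
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "203.0.113.7"},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "198.51.100.4"},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "203.0.113.7"},
]


def deep_get(event, *keys, default=None):
    """Walk nested dicts without raising on a missing level (assumed local helper)."""
    cur = event
    for k in keys:
        if not isinstance(cur, dict) or k not in cur:
            return default
        cur = cur[k]
    return cur


def rule(event):
    """Panther-style rule: True means 'alert on this event'.
    Fires on a successful root console login where MFA was not used."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and deep_get(event, "userIdentity", "type") == "Root"
        and deep_get(event, "responseElements", "ConsoleLogin") == "Success"
        and deep_get(event, "additionalEventData", "MFAUsed") != "Yes"
    )


def title(event):
    """Panther-style alert title, built from the event that fired the rule."""
    return f"Root console login without MFA from {event.get('sourceIPAddress')}"


def evaluate(events):
    """Stand-in for the engine loop: titles of the events that fire the rule."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for t in evaluate(EVENTS):
        print(t)
```

The rule is deterministic in the sense the article describes: each event either satisfies all four conditions or it does not, so two analysts reading the rule reach the same verdict, and tuning means editing a condition rather than a threshold. The failed root login is deliberately excluded here because it belongs in a separate brute-force rule with its own threshold.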

Conclusion

Monitoring system security is an essential task these days. In tackling it, companies of any size can benefit from open source tools that offer many capabilities and cost little or nothing.

Dear readers! Which security monitoring tools do you use?


Source: www.habr.com
