The widespread adoption of cloud computing helps companies grow their business. But the use of new platforms means the emergence of new threats. Keeping a team inside the organization that is dedicated to monitoring the security of cloud services is not easy. Existing monitoring tools are expensive and slow. They are also, to some extent, difficult to manage when it comes to securing cloud development infrastructure. To keep their cloud security at a high level, companies need powerful, flexible and intuitive tools that go beyond what was available before. This is where open-source technology helps a great deal: it keeps the security budget in check and is built by specialists who know their field very well.
The article, a translation of which we are publishing today, provides an overview of 7 open-source tools for monitoring the security of cloud systems. These tools are designed to protect against attackers and cybercriminals by detecting anomalies and unsafe activity.
1. Osquery
The Osquery framework was created by Facebook. Its code was open-sourced in 2014, after the company realised that it was not the only one that needed tools for monitoring the low-level mechanisms of operating systems. Since then, Osquery has been used by specialists from companies such as Dactiv, Google, Kolide, Trail of Bits, Uptycs and many others. Recently
The Osquery host daemon, called osqueryd, lets you schedule queries that collect data across your organization's infrastructure. The daemon aggregates the query results and generates logs that reflect changes in the state of the infrastructure. This helps security specialists stay aware of the state of their systems and is very useful for detecting anomalies. Osquery's log aggregation capabilities can be used to help you find known and unknown malware, as well as to identify where attackers entered your system and which programs they installed.
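As an added illustration (not code from the article or from the Osquery project), the following Python consumes the differential result log that osqueryd writes for scheduled queries and turns the added/removed rows into findings; the log lines, the two query names and the baseline of expected listeners are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample of osqueryd result-log lines for two scheduled queries.
# osqueryd emits one JSON object per line; for differential queries each row
# carries "action": "added" or "removed" relative to the previous run.
SAMPLE_LOG = """\
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1736244000,"columns":{"pid":"4120","port":"4444","protocol":"6","address":"0.0.0.0","name":"python3"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1736244000,"columns":{"pid":"812","port":"22","protocol":"6","address":"0.0.0.0","name":"sshd"},"action":"removed"}
{"name":"crontab","hostIdentifier":"web-01","unixTime":1736244300,"columns":{"path":"/etc/crontab","command":"/opt/backup/run.sh","minute":"0"},"action":"added"}
"""

# Hypothetical baseline of expected listeners: process name -> ports it may bind.
EXPECTED_LISTENERS = {"sshd": {"22"}, "nginx": {"80", "443"}}


def parse_results_log(text):
    """Parse osqueryd result-log text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize_changes(events):
    """Group differential rows by query name and action so an analyst sees what changed."""
    summary = defaultdict(lambda: {"added": [], "removed": []})
    for ev in events:
        summary[ev["name"]][ev["action"]].append(ev["columns"])
    return dict(summary)


def find_anomalies(events, expected=EXPECTED_LISTENERS):
    """Flag listener changes that deviate from the baseline and any new cron entry.

    Returns human-readable findings; an empty list means nothing unusual happened.
    """
    findings = []
    for ev in events:
        host, cols, action = ev["hostIdentifier"], ev["columns"], ev["action"]
        if ev["name"] == "listening_ports":
            allowed = expected.get(cols["name"], set())
            if action == "added" and cols["port"] not in allowed:
                findings.append(f"{host}: unexpected listener {cols['name']} on port {cols['port']}")
            elif action == "removed" and cols["port"] in allowed:
                findings.append(f"{host}: expected listener {cols['name']} on port {cols['port']} disappeared")
        elif ev["name"] == "crontab" and action == "added":
            findings.append(f"{host}: new cron entry runs {cols['command']}")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_results_log(SAMPLE_LOG)):
        print(finding)
```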
2. GoAudit
The system
The GoAudit system is written in Golang. It is a safe and highly performant language. Before installing GoAudit, check that your Golang version is higher than 1.7.
3. Grapl
This project
The Grapl tool takes security-related logs (Sysmon logs or logs in a generic JSON format) and converts them into subgraphs (defining an "identity" for each node). It then merges the subgraphs into a common graph (the Master Graph), which represents the actions performed in the analysed environments. Grapl then runs Analyzers over the resulting graph, using "attacker signatures" to identify anomalies and suspicious patterns. When an analyzer identifies a suspicious subgraph, Grapl generates an Engagement construct intended for investigation. An Engagement is a Python class that can be loaded, for example, into a Jupyter Notebook deployed in an AWS environment. In addition, Grapl can increase the scale of information collected for an incident investigation by expanding the graph.
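The subgraph, merge and analyze pipeline described above, as an added Python example that is not Grapl's own code: three constructed Sysmon-style events become subgraphs keyed by node identity, are merged into a master graph, and an analyzer signature is run over the result. The event field names and the signature are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: three Sysmon-style events from one host in a flat JSON shape.
# Field names are hypothetical and do not follow Grapl's real schema.
SAMPLE_EVENTS = [
    {"host": "ws-07", "type": "process_create", "pid": 4101, "ppid": 1200, "image": "winword.exe"},
    {"host": "ws-07", "type": "process_create", "pid": 4188, "ppid": 4101, "image": "powershell.exe"},
    {"host": "ws-07", "type": "file_write", "pid": 4188, "path": "C:\\Users\\ann\\AppData\\Local\\Temp\\upd.ps1"},
]


def event_to_subgraph(ev):
    """One event -> (nodes, edges). Node identity is (host, kind, key), so the same
    process seen in several events resolves to one node when subgraphs are merged."""
    host = ev["host"]
    if ev["type"] == "process_create":
        parent = (host, "process", ev["ppid"])
        child = (host, "process", ev["pid"])
        return {parent: {}, child: {"image": ev["image"]}}, [(parent, "created", child)]
    if ev["type"] == "file_write":
        proc = (host, "process", ev["pid"])
        path = (host, "file", ev["path"])
        return {proc: {}, path: {}}, [(proc, "wrote", path)]
    return {}, []


def merge_subgraphs(subgraphs):
    """Merge subgraphs into the master graph; attributes accumulate per node identity."""
    nodes, edges = {}, set()
    for sg_nodes, sg_edges in subgraphs:
        for nid, attrs in sg_nodes.items():
            nodes.setdefault(nid, {}).update(attrs)
        edges.update(sg_edges)
    return nodes, edges


def analyzer_office_spawns_shell(graph, office=("winword.exe", "excel.exe"), shells=("powershell.exe", "cmd.exe")):
    """Analyzer signature: an office process creates a shell that then writes a file.
    Returns matching chains as [office_node, shell_node, file_node], the seed of an Engagement."""
    nodes, edges = graph
    children = defaultdict(list)
    for src, rel, dst in edges:
        children[(src, rel)].append(dst)
    hits = []
    for nid, attrs in nodes.items():
        if attrs.get("image") not in office:
            continue
        for shell in children[(nid, "created")]:
            if nodes[shell].get("image") in shells:
                hits.extend([nid, shell, f] for f in children[(shell, "wrote")])
    return hits
```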
If you want to understand Grapl better, you can look
4. OSSEC
OSSEC combines the capabilities of a host-based intrusion detection system (HIDS) with security incident management (SIM) and a security information and event management (SIEM) system. OSSEC can monitor file integrity in real time. It also monitors, for example, the Windows registry and detects rootkits. OSSEC is able to notify the people concerned about detected problems in real time and helps respond quickly to detected threats. The platform supports Microsoft Windows and most modern Unix-like systems, including Linux, FreeBSD, OpenBSD and Solaris.
The OSSEC platform consists of a central control component, the manager, which is used to receive and monitor information from agents (small programs installed on the systems that need to be monitored). The manager is installed on a Linux system and stores the database used for checking file integrity. It also stores logs and event records, as well as the results of system audits.
The OSSEC project is currently supported by Atomicorp. The company oversees the free open-source version and, in addition, offers
5. Suricata
This product appeared in 2009. Its operation is based on rules. That is, the person using it can describe certain characteristics of network traffic. If a rule is triggered, Suricata generates a notification, or blocks or terminates the suspicious connection, which, again, depends on the specified rules. The project also supports multi-threaded operation. This makes it possible to process a large number of rules on networks carrying large volumes of traffic. Thanks to multi-threading support, a completely ordinary server is able to analyse traffic effectively at 10 Gbit/s. In this case, the administrator does not need to limit the set of rules used for traffic analysis. Suricata also supports hashing and file extraction.
Suricata can be configured to run on ordinary servers or on virtual machines, such as those in AWS, using a capability recently introduced in the product.
The project supports Lua scripts, which can be used to create complex and detailed logic for analysing threat signatures.
The Suricata project is managed by the Open Information Security Foundation (OISF).
6. Zeek (Bro)
Like Suricata,
If we consider Zeek as a network security tool, we can say that it gives the specialist the opportunity to investigate an incident by learning what happened before or during the incident. Zeek also converts network traffic data into high-level events and provides the ability to work with a script interpreter. The interpreter supports a programming language used to interact with events and to find out what exactly those events mean from the point of view of network security. Zeek's programming language can be used to customise how metadata is interpreted so that it matches the needs of a specific organization. It allows you to build complex logical conditions using the AND, OR and NOT operators. This gives users the ability to customise how their environment is analysed. However, it should be noted that, compared to Suricata, Zeek can seem a rather complex tool when investigating security threats.
If you are interested in more details about Zeek, please consult
7. Panther
Among Panther's main features are the following:
- Detection of unauthorized access to resources by analysing logs.
- Threat detection, implemented by searching logs for indicators that point to security problems. The search is carried out using Panther's standardised data fields.
- Checking the system for compliance with the SOC/PCI/HIPAA standards using Panther's built-in mechanisms.
- Protecting your cloud resources by automatically correcting configuration errors that could lead to serious problems if exploited by attackers.
Panther is deployed into the organization's AWS cloud using AWS CloudFormation. This lets the user stay in control of their data.
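To make the log-based access detection concrete, here is an added example that is not part of the article or of Panther's code base: a rule written in the Python rule()/title() convention that Panther detections use (an assumption to verify against the current Panther documentation), run locally over constructed CloudTrail-style console login events.

```python
import ipaddress

# Hypothetical corporate egress range (documentation address space) that console logins are expected from.
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed CloudTrail-style events; the field names mirror CloudTrail's ConsoleLogin
# record, the values are invented.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"userName": "ann"}, "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.42",
     "userIdentity": {"userName": "ann"}, "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.42",
     "userIdentity": {"userName": "bob"}, "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "AssumeRole", "sourceIPAddress": "203.0.113.42", "userIdentity": {"userName": "svc"}},
]


def rule(event):
    """Panther-style rule body: True when a successful console login comes from
    outside the trusted networks or was completed without MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return False
    src = ipaddress.ip_address(event["sourceIPAddress"])
    from_trusted = any(src in net for net in TRUSTED_NETWORKS)
    mfa_used = event.get("additionalEventData", {}).get("MFAUsed") == "Yes"
    return not (from_trusted and mfa_used)


def title(event):
    """Alert title for a matching event (the engine calls title() only when rule() is True)."""
    user = event.get("userIdentity", {}).get("userName", "unknown")
    return f"Console login by {user} from {event['sourceIPAddress']} outside login policy"


def run_rule(events):
    """Local harness standing in for Panther's engine: titles of the events the rule fires on."""
    return [title(e) for e in events if rule(e)]
```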
Summary
Monitoring the security of systems is an essential task these days. In solving this problem, companies of any size can be helped by open-source tools that offer many possibilities and cost next to nothing or are free.
Dear readers! Which security monitoring tools do you use?
Source: www.habr.com