Eminyakeni embalwa edlule, lapho siqala ukusebenzisa i- Change Auditor ebhange elilodwa, sabona uhlu olukhulu lwemibhalo ye-PowerShell eyenza umsebenzi wokucwaninga ofanayo ncamashi, kodwa kusetshenziswa indlela yesikhashana. Sekudlule isikhathi esiningi kusukela lapho, ikhasimende lisasebenzisa i-Change Auditor futhi likhumbula ukusekelwa kwazo zonke lezo mibhalo njengephupho elibi. Lelo phupho belingase liphenduke iphupho elibi ukube umuntu okhonze imibhalo kumuntu oyedwa ubevele ayeke, akhohlwe wukudlulisa ulwazi oluyimfihlo. Sezwa ngozakwethu ukuthi amacala anjengalawa ayenzeka lapha nalapha futhi lokhu kwabe sekuletha isiphithiphithi esibonakalayo emsebenzini womnyango wezokuphepha kolwazi. Kulesi sihloko, sizokhuluma ngezinzuzo eziyinhloko ze-Change Auditor futhi simemezele i-webinar ngoJulayi 29 kuleli thuluzi lokuzenzekelayo lokuhlola. Ngezansi kokusikwa kukhona yonke imininingwane.
Isithombe-skrini esingenhla sibonisa i-IT Security Search web interface enebha yokusesha efana ne-google, lapho kulula khona ukuhlunga imicimbi ukusuka ku-Shintsha Auditor futhi ulungiselele ukubuka.
Guqula i-Auditor iyithuluzi elinamandla lokuhlola izinguquko kungqalasizinda ye-Microsoft, ama-disk arrays kanye ne-VMware. Ukucwaningwa kwamabhuku kuyasekelwa: AD, Azure AD, SQL Server, Exchange, Exchange Online, Sharepoint, Sharepoint Online, Windows File Server, OneDrive for Business, Skype for Business, VMware, NetApp, EMC, FluidFS. Kukhona imibiko efakwe ngaphambilini yokuthobelana namazinga e-GDPR, SOX, PCI, HIPAA, FISMA, GLBA.
Amamethrikhi aqoqwa kumaseva e-Windows ngendlela esekwe kumenzeli, okuvumela ukuhlola kusetshenziswa ukuhlanganiswa okujulile kumakholi ngaphakathi kwe-AD futhi, njengoba umthengisi ngokwakhe ebhala, le ndlela ithola izinguquko ngisho nasemaqenjini akhiwe ngokujulile futhi yethula umthwalo omncane kunalapho kubhalwa, kufundwa futhi. ukubuyisa izingodo (yiyo indlela asebenza ngayo ). Ungayihlola ngokulayisha okuphezulu. Njengomphumela walokhu kuhlanganiswa kwezinga eliphansi, ku-Quest Change Auditor ungakwazi ukuphikisa izinguquko ezithile zezinto ezithile, ngisho nakubasebenzisi abasezingeni Lomphathi Webhizinisi. Okungukuthi, zivikele kubaphathi be-AD abanonya.
Ku-Shintsha Auditor, zonke izinguquko zenziwa ngokwejwayelekile zibe uhlobo lwe-5W - Who, What, Where, Nini, Workstation (Ubani, Yini, Kuphi, Nini futhi kusiphi isiteshi sokusebenza). Le fomethi ikuvumela ukuthi uhlanganise imicimbi etholwe emithonjeni ehlukene.
NgoJuni 2, 2020, kwakhululwa inguqulo entsha ye-Change Auditor - 7.1. Inokuthuthukiswa okubalulekile okulandelayo:
- Ukutholwa kosongo lwe-Pass-the-Ticket (ukuhlonza Amathikithi e-Kerberos anedethi yokuphelelwa yisikhathi edlula inqubomgomo yesizinda, okungase kubonise ukuhlaselwa kweThikithi Legolide okungenzeka kube khona);
- ukucwaninga kokuqinisekisa okuyimpumelelo nokungaphumeleli kwe-NTLM (unganquma inguqulo ye-NTLM futhi wazise mayelana nezinhlelo zokusebenza ezisebenzisa i-v1);
- ukuhlolwa kokuqinisekisa okuyimpumelelo nokungaphumeleli kwe-Kerberos;
- Ithumela ama-agent acwaningayo ehlathini elingumakhelwane le-AD.
Isithombe-skrini sibonisa usongo oluhlonziwe olunesikhathi eside sokuqinisekiswa kweThikithi le-Kerberos.
Kanye nomunye umkhiqizo ovela ku-Quest - On Demand Audit, ungahlola izindawo eziyingxube kusuka kusixhumi esibonakalayo esisodwa futhi uqaphe amalogo ngo-AD, i-Azure AD kanye nezinguquko ku-Office 365.
Enye inzuzo ye-Change Auditor ukuthi kungenzeka ukuhlanganiswa ngaphandle kwebhokisi nohlelo lwe-SIEM ngokuqondile noma ngomunye umkhiqizo we-Quest - i-InTrust. Uma usetha ukuhlanganiswa okunjalo, ungenza izenzo ezizenzakalelayo ukuze ucindezele ukuhlasela nge-InTrust, futhi ku-Elastic Stack efanayo ungasetha ukubuka futhi unikeze osebenza nabo ukufinyelela ukuze babuke idatha yomlando.
Ukuze ufunde kabanzi mayelana ne-Change Auditor, sikumema ukuthi uhambele i-webinar, ezokwenzeka ngoJulayi 29 ngo-11 ekuseni ngesikhathi saseMoscow. Ngemuva kwe-webinar uzokwazi ukubuza noma yimiphi imibuzo ongase ube nayo.
Izindatshana eziningi ezimayelana nezixazululo zokuphepha ze-Quest:
Ungathumela isicelo sokubonisana, ukusatshalaliswa noma iphrojekthi yokuhlola ngokusebenzisa kuwebhusayithi yethu. Kukhona nezincazelo zezixazululo ezihlongozwayo.
Source: www.habr.com