Arkime 3.1 (formerly known as Moloch) has been released

The release of Arkime 3.1, a system for capturing, storing and indexing network packets, was announced recently. It provides tools for analysing traffic flows and searching data related to network activity.

The project was originally developed by AOL with the aim of creating an open, drop-in replacement for commercial network packet processing platforms, running on ordinary servers and able to scale to traffic rates of tens of gigabits per second.

About Arkime

For those unfamiliar with Arkime: under its former name, Moloch, it was a tool for capturing and indexing traffic in the standard PCAP format, with tools for quick access to the indexed data. Using the PCAP format simplifies integration with traffic analysers such as Wireshark. The amount of data retained is limited only by the size of the available disk array. Session metadata is indexed in a cluster based on the Elasticsearch engine.

To explore the collected data, a web interface is provided that supports searching, analysis and export of samples. The web interface offers several views: from general statistics, connection maps and graphs showing changes in network activity over time, to tools for examining individual sessions, analysing activity in the context of the protocols in use, and inspecting data from PCAP dumps.

An API is also provided so that third-party applications can retrieve captured packet data in PCAP format and indexed session data in JSON format.

Arkime has three basic components:

  1. The traffic capture system (capture), a multi-threaded C application that monitors network traffic, writes PCAP dumps to disk, parses the captured packets and sends session metadata (SPI data) and protocol information to the Elasticsearch cluster. Encrypted storage of the PCAP files is possible.
  2. The viewer, a web application based on the Node.js platform that runs on every capture server and handles requests for the indexed data and for transferring PCAP files via the API.
  3. The Elasticsearch-based metadata store.

Main new features of Arkime 3.1

One of the most notable changes in this release is the renaming of the project. As mentioned above, it was previously known as Moloch; the developers explain that the project has evolved significantly and that this was a good moment to rename it to Arkime.

Another notable change is a completely new user interface for configuring WISE, creating and updating WISE sources, and viewing WISE statistics. This is a powerful new tool to help users get started with WISE, or extend a WISE service, without spending time on config or source files.

Support has also been added for the IETF QUIC, GENEVE and VXLAN-GPE protocols. In addition, support has been added for Q-in-Q (double VLAN tagging), which nests a VLAN tag inside a second, outer tag and so expands the number of distinguishable VLANs from 4096 to about 16 million.
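As an added illustration (not code from this article or from the Arkime project), the following Python script parses a stacked 802.1ad/802.1Q tag sequence and shows why two 12-bit VLAN IDs address 4096 × 4096 = 16,777,216 VLANs. The TPID values 0x88A8 (802.1ad service tag) and 0x8100 (802.1Q) are the standard ones; the frame bytes, MAC addresses and the `build_frame`/`qinq_index` helpers are constructed for the example and say nothing about how Arkime's own capture parser is written.

```python
"""Walk stacked 802.1Q / 802.1ad VLAN tags on an Ethernet II frame.

Added illustration, not Arkime code. A VLAN tag is 4 bytes: a 16-bit TPID
(0x8100 for 802.1Q, 0x88A8 for an 802.1ad service tag) followed by a 16-bit
TCI whose low 12 bits are the VLAN ID (the top 3 bits are priority, then DEI).
Q-in-Q puts a service tag outside the customer tag, so the pair (outer, inner)
addresses 4096 * 4096 = 16,777,216 distinct VLANs.
"""
import struct

TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def parse_vlan_stack(frame: bytes):
    """Return (vlan_ids, ethertype, payload_offset) for an Ethernet II frame.

    vlan_ids lists the 12-bit IDs from outermost to innermost; an untagged
    frame yields []. Raises ValueError on a truncated frame so a tag that
    runs off the end of the capture is never silently misread.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination MAC (6) + source MAC (6)
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlan_ids.append(tci & 0x0FFF)  # drop PCP/DEI, keep the 12-bit VID
        offset += 4
    return vlan_ids, ethertype, offset


def qinq_index(vlan_ids):
    """Combine outer and inner IDs into one 24-bit value (0 .. 16,777,215).

    A single-tagged frame maps to its own ID; an untagged frame to None.
    This is a constructed helper to show the address space, not an Arkime field.
    """
    if not vlan_ids:
        return None
    if len(vlan_ids) == 1:
        return vlan_ids[0]
    return (vlan_ids[0] << 12) | vlan_ids[-1]


def build_frame(tcis, ethertype=0x0800, payload=b"\x00" * 20):
    """Construct a frame with the given tag stack (constructed sample data).

    Each entry is a full 16-bit TCI (or just a VID). With two or more tags the
    outermost uses the 802.1ad TPID and the rest 802.1Q, as a Q-in-Q frame does.
    """
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tags = b""
    for i, tci in enumerate(tcis):
        tpid = TPID_8021AD if (i == 0 and len(tcis) > 1) else TPID_8021Q
        tags += struct.pack("!HH", tpid, tci & 0xFFFF)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    ids, et, off = parse_vlan_stack(build_frame([100, 200]))
    print(f"vlans={ids} ethertype=0x{et:04x} payload_at={off} index={qinq_index(ids)}")
    print(f"max Q-in-Q index: {qinq_index([4095, 4095])}")
```

The parser loops rather than checking for exactly two tags, so it also accepts a single 802.1Q tag or deeper stacks; the length check before each tag is the part a capture tool must not skip, because a frame cut short at the snap length would otherwise be read as containing a bogus inner tag and ethertype.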

Other notable changes:

  • Support for the "float" field type was added.
  • The Amazon Elastic Compute Cloud (EC2) writer was moved to IMDSv2 (Instance Metadata Service version 2).
  • The UDP tunnel handling code was updated.
  • Support for the elasticsearchAPIKey and elasticsearchBasicAuth settings was added.
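The switch of the EC2 writer to IMDSv2 is worth a closer look, because IMDSv2 is the hardened form of the instance metadata service: IMDSv1 answers any plain GET to 169.254.169.254, so an SSRF bug in a web application on the instance can read the role credentials, whereas IMDSv2 first requires a PUT with a TTL header to mint a session token and then expects that token as a header on every GET. As an added example (not Arkime's EC2 writer, and using a constructed in-memory stand-in for the metadata service rather than a real HTTP client), the following Python code walks through that handshake and shows why an attacker who controls only a URL fails against it. The header names and the /latest/api/token path are AWS's documented ones; `FakeIMDS`, the token strings and the sample instance ID are constructed for the example.

```python
"""IMDSv2 session-token handshake versus IMDSv1, runnable offline.

Added illustration, not Arkime code. `Transport` is a callable
(method, url, headers) -> (status, body); a real client would wrap an HTTP
library, here FakeIMDS plays the server so the flow can be exercised without
an EC2 instance.
"""
from typing import Callable, Dict, Tuple

IMDS_BASE = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
MAX_TTL = 21600  # AWS caps session tokens at six hours

Transport = Callable[[str, str, Dict[str, str]], Tuple[int, str]]


def fetch_metadata_v2(path: str, http: Transport, ttl_seconds: int = MAX_TTL) -> str:
    """Fetch `path` the IMDSv2 way: PUT for a token, then GET with the token."""
    status, token = http("PUT", IMDS_BASE + TOKEN_PATH, {TOKEN_TTL_HEADER: str(ttl_seconds)})
    if status != 200:
        raise RuntimeError(f"token request failed with status {status}")
    status, body = http("GET", IMDS_BASE + path, {TOKEN_HEADER: token})
    if status != 200:
        raise RuntimeError(f"metadata request failed with status {status}")
    return body


def fetch_metadata_v1(path: str, http: Transport) -> str:
    """The legacy flow: a bare GET with no token."""
    status, body = http("GET", IMDS_BASE + path, {})
    if status != 200:
        raise RuntimeError(f"metadata request failed with status {status}")
    return body


def ssrf_get(url: str, http: Transport) -> Tuple[int, str]:
    """Model a typical SSRF primitive: the attacker picks the URL only,
    the method is GET and no custom headers can be set."""
    return http("GET", url, {})


class FakeIMDS:
    """Constructed stand-in for the metadata service (not the real one).

    With require_token=True it behaves like an instance whose metadata
    options are set to IMDSv2-only; with False it also answers IMDSv1 GETs.
    """

    def __init__(self, require_token: bool, data: Dict[str, str]):
        self.require_token = require_token
        self.data = data
        self.tokens = set()
        self.requests = []  # (method, path, headers) log for inspection

    def __call__(self, method: str, url: str, headers: Dict[str, str]) -> Tuple[int, str]:
        path = url[len(IMDS_BASE):]
        self.requests.append((method, path, dict(headers)))
        if method == "PUT" and path == TOKEN_PATH:
            ttl = headers.get(TOKEN_TTL_HEADER)
            if ttl is None or not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TTL:
                return 400, "missing or invalid TTL header"
            token = f"constructed-token-{len(self.tokens)}"
            self.tokens.add(token)
            return 200, token
        if method == "GET":
            if self.require_token and headers.get(TOKEN_HEADER) not in self.tokens:
                return 401, "token required"
            if path in self.data:
                return 200, self.data[path]
            return 404, "not found"
        return 405, "method not allowed"


def demo() -> Dict[str, object]:
    """Run a well-behaved client and an SSRF-style request against both modes."""
    data = {"/latest/meta-data/instance-id": "i-0123456789abcdef0"}  # constructed sample
    v2_only = FakeIMDS(require_token=True, data=data)
    v1_allowed = FakeIMDS(require_token=False, data=data)
    target = IMDS_BASE + "/latest/meta-data/instance-id"
    return {
        "client_v2": fetch_metadata_v2("/latest/meta-data/instance-id", v2_only),
        "client_v1": fetch_metadata_v1("/latest/meta-data/instance-id", v1_allowed),
        "ssrf_against_v2": ssrf_get(target, v2_only)[0],
        "ssrf_against_v1": ssrf_get(target, v1_allowed)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point the fake server makes explicit is that the token is obtained with a PUT carrying a mandatory header, which a URL-only SSRF cannot issue; the GET to the instance-id path then returns 401 without it. A writer that moved to IMDSv2, as Arkime's EC2 writer did in this release, therefore keeps working on instances where the operator has disabled IMDSv1 entirely.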

Finally, if you want to know more about this new release, you can consult the details at the following link.

Get Arkime

For those interested in trying it, note that the traffic capture component is written in C and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. It runs on Linux, and FreeBSD is also supported.

Ready-made packages for Arch, CentOS and Ubuntu are available from the link below.
