The new version Arkime 3.1 (formerly known as Moloch) has been released

The release of Arkime 3.1, a system for capturing and indexing network packets, was recently announced. It provides tools for visually examining traffic flows and searching for information related to network activity.

The project was originally developed by AOL with the goal of creating an open, scalable alternative to commercial packet capture platforms, running on their own servers and able to keep up with traffic at tens of gigabits per second.

About Arkime

For those unfamiliar with Arkime, it was previously known as Moloch: a tool for capturing traffic and indexing it in the standard PCAP format, which also provides tools for fast access to the indexed data. Using the PCAP format makes it easy to integrate with existing traffic analyzers such as Wireshark. The amount of data retained is limited only by the available disk space. Session metadata is indexed in a cluster built on the Elasticsearch engine.

To analyze the collected information, a web interface is offered that allows navigating, searching and exporting samples. The web interface provides many views: from general statistics, connection maps and graphs showing changes in network activity over time, to tools for examining individual sessions, analyzing activity in the context of the applied rules and inspecting the data in the PCAP dumps.

An API is also provided so that third-party applications can retrieve captured packet data in PCAP format and session data in JSON format.

Arkime has three basic components:

  1. The traffic capture system, a multithreaded C application that monitors traffic, writes PCAP dumps to disk, analyzes the captured packets, and sends session metadata (SPI, Session Profile Information) and protocol information to the Elasticsearch cluster. Encrypted storage of the PCAP files is possible.
  2. A web interface based on the Node.js platform, running on each capture server, which handles requests for access to the indexed data and for retrieving PCAP files through the API.
  3. A metadata store based on Elasticsearch.

Main new features of Arkime 3.1

One of the most notable changes highlighted in this new release is the project's name change. As mentioned above, the project was previously known as Moloch; the developers say the project has grown and changed significantly and that they felt it was the right time to rename it to Arkime.

Another visible change is a completely new user interface for configuring WISE (With Intelligence See Everything, Arkime's threat-intelligence enrichment service), for creating and updating WISE sources, and for WISE statistics. This is a powerful new tool to help users get started with WISE or improve their WISE service without spending time on configuration or source files.

It is also emphasized that support has been added for the IETF QUIC, GENEVE and VXLAN-GPE protocols, as well as for Q-in-Q (double VLAN) tagging, which nests one VLAN tag inside a second, outer tag and raises the number of distinguishable VLANs to about 16 million (4094 usable outer IDs times 4094 usable inner IDs).
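To show what Q-in-Q support actually means for a sensor, here is an added example (not Arkime's own code) that parses stacked 802.1Q/802.1ad VLAN tags from raw Ethernet frames. The frames, MAC addresses and IPv4 stub payload are constructed for the demonstration; the naive decoder at the end models a sensor that only understands the 0x8100 TPID and therefore never reaches the IP payload of an 802.1ad-tagged frame.

```python
"""Parse stacked 802.1Q / 802.1ad (Q-in-Q) VLAN tags from raw Ethernet frames.

Added illustration, not Arkime code. All frames below are constructed inline.
"""
import struct

# TPIDs that introduce a VLAN tag: 0x8100 is 802.1Q, 0x88a8 is the 802.1ad
# service (outer) tag used by standard Q-in-Q, 0x9100 is a pre-standard
# double-tag value still emitted by some hardware.
VLAN_ETHERTYPES = {0x8100: "802.1Q", 0x88A8: "802.1ad", 0x9100: "QinQ-legacy"}

ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14
TAG_LEN = 4

# VID 0 is priority-only and VID 4095 is reserved, so each tag carries
# 4094 usable values; two stacked tags give the "16 million VLANs" figure.
USABLE_QINQ_VLANS = 4094 * 4094


def parse_frame(frame: bytes, max_tags: int = 8):
    """Return (dst_mac, src_mac, tags, inner_ethertype, payload).

    Each tag is a dict with kind, PCP, DEI and VID. Raises ValueError on a
    truncated frame or an implausibly deep tag stack (a cheap DoS guard).
    """
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = ETH_HDR_LEN
    tags = []
    while ethertype in VLAN_ETHERTYPES:
        if len(tags) >= max_tags:
            raise ValueError("too many stacked VLAN tags")
        if len(frame) < offset + TAG_LEN:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack("!HH", frame[offset:offset + TAG_LEN])
        tags.append({
            "kind": VLAN_ETHERTYPES[ethertype],
            "pcp": tci >> 13,
            "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF,
        })
        ethertype = next_type
        offset += TAG_LEN
    return dst, src, tags, ethertype, frame[offset:]


def qinq_key(tags):
    """(outer VID, inner VID) for a double-tagged frame, else None."""
    if len(tags) < 2:
        return None
    return (tags[0]["vid"], tags[1]["vid"])


def naive_ethertype(frame: bytes) -> int:
    """What a decoder that only knows TPID 0x8100 reports as the L3 protocol.

    Given an 802.1ad frame it stops at 0x88a8 and never sees the IPv4 inside.
    """
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = ETH_HDR_LEN
    while ethertype == 0x8100:
        _, ethertype = struct.unpack("!HH", frame[offset:offset + TAG_LEN])
        offset += TAG_LEN
    return ethertype


def build_frame(dst, src, tags, ethertype, payload) -> bytes:
    """Constructed-frame helper; tags is a list of (tpid, pcp, dei, vid)."""
    out = bytearray(dst + src)
    for tpid, pcp, dei, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | (vid & 0x0FFF))
    out += struct.pack("!H", ethertype) + payload
    return bytes(out)


# Constructed sample data (arbitrary MACs, minimal IPv4 header bytes).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
IPV4_STUB = bytes.fromhex("45000014") + b"\x00" * 16

SAMPLE_FRAMES = {
    "untagged": build_frame(DST, SRC, [], ETHERTYPE_IPV4, IPV4_STUB),
    "single": build_frame(DST, SRC, [(0x8100, 0, 0, 100)], ETHERTYPE_IPV4, IPV4_STUB),
    "qinq": build_frame(DST, SRC, [(0x88A8, 3, 0, 2001), (0x8100, 0, 0, 100)],
                        ETHERTYPE_IPV4, IPV4_STUB),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        _, _, tags, inner, _ = parse_frame(frame)
        print(f"{name:9s} tags={[(t['kind'], t['vid']) for t in tags]} "
              f"inner=0x{inner:04x} naive=0x{naive_ethertype(frame):04x}")
```

The practical takeaway is the last column of the output: for the 802.1ad frame the naive decoder reports 0x88a8 instead of IPv4, which is exactly the blind spot Arkime's Q-in-Q support closes. The same pattern (peel encapsulation until a known L3 type is reached) applies to the VXLAN-GPE and GENEVE tunnels the release adds, and a capture that cannot decapsulate them indexes the tunnel endpoints rather than the real conversation.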

Other changes:

  • Added support for a floating-point field type.
  • The Amazon Elastic Compute Cloud writer has been switched to the Instance Metadata Service version 2 (IMDSv2) protocol, whose session-token handshake blocks the simple GET-based credential theft that SSRF bugs could perform against IMDSv1.
  • Code refactored to add UDP tunnels.
  • Added support for the elasticsearchAPIKey and elasticsearchBasicAuth settings.

Finally, if you are interested in learning more about this new version, you can check the details at the following link.

Get Arkime

For those interested in obtaining this tool, you should know that the traffic capture component is written in C and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported.

Ready-made packages are prepared for Arch, CentOS and Ubuntu and can be obtained at the link below.

