SELKS, a distribution for network intrusion prevention and detection

A few days ago, Stamus Networks announced the release of a new version of its specialized distribution, SELKS 7.0, designed to implement network intrusion detection and prevention systems, respond to identified threats, and monitor network security.

For those unfamiliar with the system, SELKS is built on a Debian package base and the open-source Suricata IDS platform, and its name is an acronym for the main tools that make up the system.

SELKS is made up of the following components:

  • Suricata – the IDS/IPS engine, ready to use
  • Elasticsearch – search engine
  • Logstash – log ingestion
  • Kibana – custom dashboards and event exploration
  • Scirius CE – Suricata rule set management and the Suricata threat hunting interface

In addition, SELKS now includes Arkime, EveBox and CyberChef.

All of these tools work together: data is processed by Logstash and stored in Elasticsearch for retention, and a web interface built on top of Kibana is provided to track the current state and the detected events.

The Scirius CE web interface is used to manage rules and inspect the activity associated with them. Also included are the Arkime packet capture system, the EveBox event review interface, and the CyberChef data analyzer.

Users get a turnkey network security management solution that can be put to use quickly after downloading.

Main new features of SELKS 7.0

With this new release, SELKS 7.0 is now available either as a portable Docker Compose package or as turnkey installation images (ISO files).

Either option now includes the five main open-source components that make up its name: Suricata, Elasticsearch, Logstash, Kibana and Scirius Community Edition (Suricata Management and Suricata Hunting by Stamus Networks). In addition, SELKS includes components from Arkime, EveBox and CyberChef, which were added after the acronym was established.

"We are pleased to make SELKS 7 officially available, and in a package that makes it easy to deploy quickly on any Linux or Windows operating system, whether on-premises or in the cloud," said Peter Manev, co-founder and chief strategy officer at Stamus Networks. "The improved threat hunting and incident response dashboards, together with the new Docker package, make SELKS more accessible to people who want to explore the power of Suricata without investing in a commercial solution."

Another notable change in this new version is the automatic replay system based on recordings stored in PCAP format, which can be used to test the effectiveness of the protective measures in place, to analyze an incident, or as part of a learning process.

It is also noted that the set of cyber threat detection filters (threat hunting) has been extended and improved, allowing you to quickly identify malicious activity and access violations by searching the Suricata and NSM (Network Security Monitor) logs.

On the other hand, the release integrates the CyberChef package, which lets you combine, decode and analyze data related to an incident, protocol activity, and the records generated by Suricata.

In addition, the announcement of this new version highlights that 6 new components have been added to the Kibana interface to view and monitor activity related to the SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT and DCERPC protocols.
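The hunting filters and the new protocol dashboards described above both operate on the Suricata EVE JSON records that Logstash feeds into Elasticsearch. The following is an added example, not code from SELKS or Stamus Networks, of the kind of triage those views perform: it parses constructed EVE lines (sample values and signature names are made up, addresses are RFC 5737 documentation ranges) and summarises alerts and protocol transactions for the protocols that gained dashboards in SELKS 7.0.

```python
import json
from collections import Counter

# Protocols that gained Kibana dashboards in SELKS 7.0, lower-cased as they
# appear in Suricata's "event_type" / "app_proto" fields.
NEW_DASHBOARD_PROTOCOLS = {"snmp", "rdp", "sip", "http2", "rfb", "geneve", "mqtt", "dcerpc"}

# Constructed EVE JSON lines (not real traffic); the last line is deliberately corrupt.
SAMPLE_EVE = """\
{"timestamp":"2022-04-20T10:00:01+0000","event_type":"alert","src_ip":"192.0.2.5","dest_ip":"198.51.100.9","proto":"TCP","app_proto":"rdp","alert":{"signature":"SAMPLE RDP login spray","severity":2}}
{"timestamp":"2022-04-20T10:00:02+0000","event_type":"rdp","src_ip":"192.0.2.5","dest_ip":"198.51.100.9","proto":"TCP"}
{"timestamp":"2022-04-20T10:00:03+0000","event_type":"alert","src_ip":"192.0.2.5","dest_ip":"198.51.100.9","proto":"TCP","app_proto":"rdp","alert":{"signature":"SAMPLE RDP login spray","severity":2}}
{"timestamp":"2022-04-20T10:00:04+0000","event_type":"snmp","src_ip":"192.0.2.7","dest_ip":"198.51.100.1","proto":"UDP"}
{"timestamp":"2022-04-20T10:00:05+0000","event_type":"alert","src_ip":"192.0.2.7","dest_ip":"198.51.100.1","proto":"UDP","app_proto":"snmp","alert":{"signature":"SAMPLE SNMP default community","severity":3}}
{"timestamp":"2022-04-20T10:00:06+0000","event_type":"flow","src_ip":"192.0.2.8","dest_ip":"198.51.100.2","proto":"TCP","app_proto":"http"}
this line is deliberately corrupt
"""

def parse_eve(text):
    """Parse EVE JSON lines; returns (events, number_of_skipped_lines)."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # a truncated or corrupt line must not abort the hunt
    return events, skipped

def hunt(events, protocols=NEW_DASHBOARD_PROTOCOLS):
    """Summarise activity for the given application protocols.

    Returns alert hit counts keyed by (app_proto, signature), protocol
    transaction counts keyed by event_type, and the set of source hosts
    that triggered at least one alert on those protocols.
    """
    alerts, transactions, sources = Counter(), Counter(), set()
    for ev in events:
        etype = ev.get("event_type")
        if etype == "alert" and ev.get("app_proto") in protocols:
            alerts[(ev["app_proto"], ev["alert"]["signature"])] += 1
            sources.add(ev.get("src_ip"))
        elif etype in protocols:
            transactions[etype] += 1
    return {"alerts": alerts, "transactions": transactions, "sources": sources}

if __name__ == "__main__":
    evs, bad = parse_eve(SAMPLE_EVE)
    result = hunt(evs)
    print(f"{len(evs)} events parsed, {bad} skipped")
    for (proto, sig), n in result["alerts"].most_common():
        print(f"{n:3d}  {proto:6s} {sig}")
```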

Finally, for those interested in learning more, you can check the details at the following link.

Download and get SELKS

For those interested in downloading this distribution, note that it supports running in Live mode and works in a virtualization or container environment. The project's development is distributed under the GPLv3 license.

The boot image is 3 GB in size and can be obtained from the link below.
