SELKS, a distribution for network intrusion prevention and detection

A few days ago, Stamus Networks announced in a blog post the release of a new version of its specialized distribution «SELKS 7.0», designed for deploying network intrusion detection and prevention systems, responding to identified threats, and monitoring network security.

For those unfamiliar with the system: SELKS is built on the Debian package base and the open-source Suricata IDS platform, and its name is an acronym formed from the main tools that make up the system.

SELKS contains the following main components:

  • Suricata – Suricata, ready to go
  • Elasticsearch – search engine
  • Logstash – log injection
  • Kibana – custom dashboards and event exploration
  • Scirius CE – Suricata ruleset management and a Suricata threat-hunting interface

In addition, SELKS now includes Arkime, EveBox, and CyberChef.

All of these tools work together: data is processed by Logstash and stored in Elasticsearch, and an advanced web interface built on Kibana is provided to track the current state of the network and the identified incidents.

The Scirius CE web interface is used to manage rules and to view the activity associated with them. It also integrates the Arkime packet capture system, the EveBox event exploration interface, and CyberChef data analysis.

Users get a turnkey network security management solution that can be deployed immediately after download.

Main new features of SELKS 7.0

For this new SELKS 7.0 release, it is highlighted that the distribution is now available either as a portable Docker Compose package or as turnkey installation images (ISO files).

Each option now includes the five key open-source components that make up its name: Suricata, Elasticsearch, Logstash, Kibana, and Scirius Community Edition (Suricata management and Suricata hunting from Stamus Networks). In addition, SELKS includes components from Arkime, EveBox, and CyberChef, which were added after the acronym was coined.

"We are excited to make SELKS 7 officially available and packaged in a way that makes it easy to deploy quickly on any Linux or Windows operating system, whether on-premises or in the cloud," said Peter Manev, co-founder and chief strategy officer of Stamus Networks. "The enhanced threat hunting interface and incident response dashboards, together with the new Docker package, make SELKS even more accessible to people who want to explore the power of Suricata without investing in a commercial solution."

Another notable change in this new version is a fully automated replay system based on logs saved in PCAP format, which can be used to test the effectiveness of the protection measures in place, to analyze an incident, or as part of a learning process.

It is also highlighted that the set of online threat detection filters (threat hunting) has been expanded and improved, allowing malicious activity and access rule violations to be identified quickly by searching the Suricata and NSM (Network Security Monitor) logs.

The distribution also includes the CyberChef package, which lets you encode, parse, and analyze data related to events, protocol operation, and the records generated by Suricata.

The announcement of this new version also highlights that 6 new sections have been added to the Kibana interface to view and monitor activity related to the SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT, and DCERPC protocols.
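As an added illustration of the kind of search the hunting filters and the new per-protocol Kibana sections perform over Suricata logs (this is example code written for this article, not code from SELKS or Stamus Networks), the following Python script parses a constructed sample of Suricata EVE JSON records, summarises alerts per signature and source, and counts activity per application-layer protocol. The field names follow Suricata's EVE JSON output (`event_type`, `src_ip`, `app_proto`, `alert.signature` and so on); the records, addresses and signature ids in the sample are made up for the example.

```python
import json
from collections import Counter, defaultdict

# Constructed sample of Suricata EVE JSON lines (one JSON object per line), in
# the layout Suricata writes to eve.json and Logstash ships to Elasticsearch.
# The records, IPs and signature ids are invented for this example.
SAMPLE_EVE = """\
{"timestamp":"2022-05-10T09:12:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.20","dest_port":3389,"proto":"TCP","app_proto":"rdp","alert":{"signature_id":2001001,"signature":"EXAMPLE RDP brute force attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2022-05-10T09:12:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51235,"dest_ip":"10.0.0.20","dest_port":3389,"proto":"TCP","app_proto":"rdp","alert":{"signature_id":2001001,"signature":"EXAMPLE RDP brute force attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2022-05-10T09:12:05.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.30","dest_port":161,"proto":"UDP","app_proto":"snmp","alert":{"signature_id":2001002,"signature":"EXAMPLE SNMP default community string","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2022-05-10T09:12:06.000000+0000","event_type":"snmp","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.30","dest_port":161,"proto":"UDP","snmp":{"version":2,"pdu_type":"get_request","community":"public"}}
{"timestamp":"2022-05-10T09:12:07.000000+0000","event_type":"mqtt","src_ip":"10.0.0.9","src_port":42000,"dest_ip":"10.0.0.40","dest_port":1883,"proto":"TCP","mqtt":{"connect":{"client_id":"sensor-1"}}}
{"timestamp":"2022-05-10T09:12:08.000000+0000","event_type":"http","src_ip":"10.0.0.9","src_port":42001,"dest_ip":"10.0.0.50","dest_port":80,"proto":"TCP","http":{"hostname":"intranet.example","url":"/","http_method":"GET"}}
{"timestamp":"2022-05-10T09:12:09.000000+0000","event_type":"flow","src_ip":"10.0.0.9","src_port":42001,"dest_ip":"10.0.0.50","dest_port":80,"proto":"TCP","app_proto":"http"}
"""


def parse_eve(text):
    """Parse EVE JSON lines into dicts.

    Blank and malformed lines are skipped rather than aborting the run: a
    truncated last line is normal when reading a file Suricata is still writing.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def count_by_event_type(events):
    """How many records of each EVE event_type (alert, http, snmp, flow, ...)."""
    return Counter(e.get("event_type", "unknown") for e in events)


def alerts_by_signature(events):
    """Group alert records by (signature_id, signature).

    For each signature we keep the hit count, the distinct source IPs and the
    severity; this is the usual first pivot when hunting through alerts.
    """
    summary = defaultdict(lambda: {"hits": 0, "sources": set(), "severity": None})
    for e in events:
        if e.get("event_type") != "alert":
            continue
        alert = e.get("alert", {})
        entry = summary[(alert.get("signature_id"), alert.get("signature"))]
        entry["hits"] += 1
        entry["sources"].add(e.get("src_ip"))
        entry["severity"] = alert.get("severity")
    return dict(summary)


def top_talkers(events, app_proto, n=5):
    """Most active source IPs for one application protocol.

    A record counts if its app_proto field matches (flow and alert records)
    or if its event_type is the protocol-specific record itself (snmp, mqtt,
    http, ...), which mirrors what a per-protocol dashboard aggregates.
    """
    counts = Counter()
    for e in events:
        if e.get("app_proto") == app_proto or e.get("event_type") == app_proto:
            counts[e.get("src_ip")] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print("records per event_type:", dict(count_by_event_type(evs)))
    for (sid, name), info in alerts_by_signature(evs).items():
        print(f"sid {sid} sev {info['severity']} hits {info['hits']} "
              f"from {sorted(info['sources'])}: {name}")
    for proto in ("rdp", "snmp", "mqtt", "http"):
        print(f"top {proto} sources:", top_talkers(evs, proto))
```

Pointing `parse_eve` at the contents of a real `eve.json` gives the same summaries over live data; in SELKS the equivalent questions are answered by Kibana and Scirius queries against the records Logstash indexed into Elasticsearch.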

Finally, for those interested in learning more about it, you can check the details at the following link.

Download and get SELKS

For those interested in downloading this distribution, note that it supports running in live mode and works in a virtualization or container environment. The project's code is distributed under the GPLv3 license.

The boot image is 3 GB in size and can be obtained from the link below.

