Okuqukethwe fihla
1 I-Cisco v7.5.3 I-Secure Network Analytics
2 Isingeniso
3 Kuphelileview
4 Isilinganiso Sokusebenza
5 Ilungiselela I-Flow Collector ukuze I-Ingest Zeek Telemetry
6 Lungiselela i-Zeek Telemetry kokuthi Izilungiselelo Ezithuthukisiwe
7 Iqinisekisa i-Zeek Telemetry
8 Ukuhlola Imicimbi ye-Zeek
9 Umbiko wezingodo ze-Zeek
10 Amadokhumenti / Izinsiza
10.1 Izithenjwa

I-Cisco-LOGO

I-Cisco v7.5.3 I-Secure Network Analytics

I-Cisco-v7-5-3-Secure-Network-Analytics-PRODUCT-IMAGE 1

Isingeniso

  • Sebenzisa lo mhlahlandlela ukuze ulungiselele i-Cisco Secure Network Analytics (eyayibizwa ngokuthi i-Stealthwatch), i-v7.5.3 noma eyakamuva, ukuze uthwebule i-Zeek telemetry.
  • Ukuze ulungiselele i-Zeek telemetry nge-Secure Network Analytics, qiniseka ukuthi unesitolo sedatha nezibalo ezinikwe amandla.

Kuphelileview

I-Zeek isetshenziswa ngokuyinhloko njengesihlaziyi sethrafikhi yenethiwekhi evumela amaqembu ezokuphepha ukuthi ahlaziye ithrafikhi yenethiwekhi, athole umsebenzi osolisayo, futhi aphenye izinsongo ezingaba khona ngokukhiqiza amalogi anemininingwane yemicimbi yenethiwekhi, okuhlanganisa imininingwane yeleveli yohlelo lokusebenza, ngamakhono ayo okuhlaziya iphrothokholi. I-Zeek inikeza okulandelayo:

  • Ukuzingela Usongo kanye Nempendulo Yesigameko: Ngokuhlaziya amalogi e-Zeek, amaqembu okuvikela angakwazi ukuhlonza impatho exakile, aphenye izehlakalo zokuphepha ezingaba khona, futhi azingele umsebenzi onobungozi kunethiwekhi yonkana.
  • Imodi yokwenziwa: Ngenxa yokuthi i-Zeek isebenza ngemodi yokwenziwa, ibheka ithrafikhi yenethiwekhi ngaphandle kokuphazamisa ukuhamba, ayiphazamisi kakhulu ukusebenza kwenethiwekhi.
  • Amalogi anemininingwane: I-Zeek ikhiqiza amalogi anemininingwane athwebula ulwazi oluphelele mayelana noxhumo lwenethiwekhi, okuhlanganisa ne-timestamps, umthombo/indawo okuyiwa kuyo amakheli e-IP, izimbobo, izivumelwano, ngisho file okuqukethwe, kusiza ukuhlaziya okuphelele.
  • Isitoreji: Izingodo ze-Zeek zigcinwa kanje.
    • Amalogi amaningi agcinwa ku-Flow Collector, kodwa i-conn.log iseSitolo Sedatha.
    • I-Flow Collector isusa yonke idatha endala kunezinsuku ezingu-30. Ukuze uthole imininingwane eyengeziwe, bheka "Izimfuneko Zensiza" Kumhlahlandlela Wokufakwa Kwezinto Zokusebenza Ze-Virtual Edition.

Izimfuneko
Qiniseka ukuthi i-Analytics ivuliwe. Khetha okuthi Lungiselela > Ukutholwa > Izibalo kumenyu enkulu, bese uchofoza okuthi Izibalo Vuliwe.

Izidingo zimi kanje.

  • Vikela i-Network Analytics v7.5.3.
  • Isitolo Sedatha esinezibalo sinikwe amandla.
  • I-Zeek telemetry iyinto ezenzakalelayo yokufakwa okusha phakathi Nokusetha Isikhathi Sokuqala. Uma uthuthukela ekukhishweni kwangaphambilini, uzodinga ukulungiselela i-Zeek telemetry kokuthi Izilungiselelo Ezithuthukile.
  • Awudingi ukuthenga ilayisense ehlukile ye-Zeek telemetry. Ukuze uthole ulwazi olwengeziwe mayelana nokulayisensa, bheka ku-Smart Software Licensing Guide 7.5.3.

Isilinganiso Sokusebenza

  • Sisekela imicimbi engu-100,000 (imilayezo ye-Syslog) ngesekhondi ngayinye kungxenyekazi yezingxenyekazi zekhompuyutha. Ukuze uthole imininingwane mayelana nezidingo zensiza, bheka kumhlahlandlela wokufaka izingxenyekazi zekhompuyutha. Ukuze uthole ulwazi olwengeziwe mayelana nezidingo zensiza ye-telemetry ehlanganisiwe, bheka Umhlahlandlela Wokufakwa Kwezinto Zokusebenza Ze-Virtual Edition.
  • Kunezici ezimbalwa, njengezinga lomcimbi kanye nenani lezinhlobo zamalogi ezidliwayo, ezingaba nomthelela ekusebenzeni kwakho okuthile. Nakuba senza konke okusemandleni ethu ukumela idatha ngendlela efanele futhi enembe ngangokunokwenzeka, indawo yakho ingase ibe nemikhawulo ehlukene.

Zeek Izingodo
Siqoqa wonke amalogi e-Zeek nge-Syslog kodwa okwamanje sigxile kuphela kokulandelayo:

  • conn.log
  • dns.log
  • smb_files.logor smb_mappings.log
  • dce_rpc_log
  • Kwezinye izimo, i-smb_files.logand dce_rpc.log ingase ithunyelwe ku-smb_mappings.log.

Amalogi e-Zeek kufanele alungiselelwe ukuthi athunyelwe i-Syslog njenge-JSON ngefomethi ethile.

  • Ezokuthutha: Amalogi e-Zeek asebenzisa ifomethi ye-JSON phezu kwe-Syslog phezu kwe-UDP (imbobo ezenzakalelayo 9514).
  • Ifomethi: Ijeneretha yelogi ye-Zeek kufanele yengeze i-zeek_fileigama=”xxx.log”tag ngaphambi kweyunithi yezinhlamvu ye-JSONL Yokuqoqwa Okugelezayo.

Ilungiselela I-Flow Collector ukuze I-Ingest Zeek Telemetry

Lezi yizinketho ezimbili zokumisa i-Zeek telemetry ku-Secure Network Analytics:

  • Ukusethwa Kokuqala: I-Zeek telemetry iyona ezenzakalelayo yokufakwa okusha, kodwa ungaqinisekisa i-Zeek Telemetry Ngesikhathi Sokusetha Isikhathi Sokuqala (Isitolo Sedatha Kuphela).
  • Izilungiselelo Ezithuthukisiwe: Uma uthuthukela ekukhishweni kwangaphambilini, uzodinga ukulungisa i-Zeek Telemetry kokuthi Izilungiselelo Ezithuthukile.

Ukuze uthole ulwazi olwengeziwe mayelana nokulungiselela I-Secure Network Analytics, bheka Umhlahlandlela Wokucushwa Kwesistimu.

Qinisekisa i-Zeek Telemetry Ngesikhathi Sokusetha Kokuqala (Isitolo Sedatha Kuphela)
Ukuze unike amandla ukungeniswa kwe-telemetry ye-Zeek ku-Flow Collector entsha eneSitolo Sedatha, qedela lezi zinyathelo ezilandelayo:

  1. Landela imiyalelo kugaydi esebenzayo yokufaka into esebenza ku-Flow Collector yakho. Bese, sebenzisa Umhlahlandlela Wokucushwa Kwesistimu ukuze uthole imiyalelo enemininingwane eminingi mayelana nokucushwa komshini wezinhlobo eziningi ze-telemetry.
  2. Finyelela kukhonsoli yomshini ebonakalayo. Vumela umshini obonakalayo ukuthi uqedele ukuqalisa.
  3. Ngena nge-console.
    • Ngena ngemvume: sysadmin
    • Iphasiwedi ezenzakalelayo: lan1 cope
      Ngokuvamile uzoshintsha iphasiwedi ezenzakalelayo lapho ulungiselela isistimu okokuqala ngqa.
  4. Review imininingwane yemizamo yokungena ehlulekile. Khetha KULUNGILE ukuze uqhubeke.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (1)
  5. Review isethulo Sesethaphu Sokuqala. Khetha KULUNGILE ukuze uqhubeke.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (2)
  6. Khetha ama-Zeek Logs ohlwini lwezinhlobo ze-telemetry. Khetha KULUNGILE ukuze uqhubeke.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (3) Zonke izinhlobo ze-telemetry zikhethwa ngokuzenzakalelayo ekusetshenzisweni okusha. Uma uthuthukela ku-v752 kusukela ekukhishweni kwangaphambilini, bheka ku-Configure Zeek Telemetry kokuthi Izilungiselelo Ezithuthukisiwe.
  7. Qinisekisa ukuthi imbobo ye-Zeek Logs ithi 9514, bese ukhetha KULUNGILE.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (4) Sincoma ukuthi usebenzise i-port 9514. Ungasebenzisi izimbobo 2055, 514, noma 8514.
    Qiniseka ukuthi izimbobo zakho ze-telemetry zihlukile. Uma ulungiselela izimbobo ze-telemetry eziyimpinda, izimbobo zizosethwa kabusha zibe okumisiwe kwazo kwangaphakathi ukugwema ukulahleka kwedatha yokugeleza. Okwesiboneloample, uma i-NetFlow ne-Zeek zithekeliswa embotsheni ye-telemetry efanayo, idivayisi ngayinye ethekelisa idatha ye-Zeek izodala isithekelisi ku-Flow Collector futhi isebenzise izinsiza ezithumela ngaphandle kunjini ye-Flow Collector, okuholela ekulahlekeni kokugeleza kwedatha.
  8. Chofoza okuthi Faka ukuze ulondoloze izinguquko zakho.
  9. Landela imiyalo esesikrinini ukuze uqedele indawo ebonakalayo bese uqala kabusha insiza.

Lungiselela i-Zeek Telemetry kokuthi Izilungiselelo Ezithuthukisiwe

Qiniseka ukuthi ufaka isiqephu sakamuva se-Flow Collector NetFlow rollup ngaphambi kokuthi uqale le nqubo.

Ukuze uqale ukufaka i-telemetry ye-Zeek ku-Flow Collector esivele ilungisiwe, qedela lezi zinyathelo ezilandelayo:

  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha okuthi Lungiselela > Umhlaba > Ukuphathwa Okuphakathi.
  3. Ekhasini le-Inventory, chofoza isithonjana… (Ellipsis) se-Flow Collector yakho, bese ukhetha View Izibalo zikagesi. I-Flow Collector Admin interface iyavula.
  4. Khetha Ukusekela > Izilungiselelo Ezithuthukile.
    Uma inkambu ingaboniswa, chofoza indawo ethi Engeza Inketho Entsha. Ukuze uthole ulwazi olwengeziwe mayelana nokuhlela izilungiselelo ezithuthukisiwe Kuqoqo Olugelezayo, bheka isihloko sosizo Sezilungiselelo Ezithuthukisiwe.
  5. Kunkambu ye-enable_zeek, ​​setha inani ku-1 ukuze uthwebule i-Zeek telemetry.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (5) Qiniseka ukuthi uyilungiselele i-Zeek ukuthi idlulisele amalogu ngefomethi ye-JSON.
  6. Qinisekisa inani lisethelwe ku-9514 enkambini ye-zeek_port.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (5)

Qiniseka ukuthi izimbobo zakho ze-telemetry zihlukile. Uma ulungiselela izimbobo ze-telemetry eziyimpinda, izimbobo zizosethwa kabusha zibe okumisiwe kwazo kwangaphakathi ukugwema ukulahleka kwedatha yokugeleza. Okwesiboneloample, uma i-NetFlow ne-Zeek zithekeliswa embotsheni ye-telemetry efanayo, idivayisi ngayinye ethekelisa idatha ye-Zeek izodala isithekelisi ku-Flow Collector futhi isebenzise izinsiza ezithumela ngaphandle kunjini ye-Flow Collector, okuholela ekulahlekeni kokugeleza kwedatha.

Iqinisekisa i-Zeek Telemetry

Ukuze uqinisekise ukuthi i-telemetry ye-Zeek iyathathwa, review umbiko we-Zeek Log Collection Trend:

  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha Bika > Bika Umakhi.
  3. Chofoza okuthi Dala Umbiko Omusha, bese ukhetha Ithrendi Yokuqoqwa Kwelogi ye-Zeek.
  4. Chofoza u-Run.
  5. Qinisekisa ukuthi umbiko ubonisa i-Zeek telemetry.

Umbiko Wethrendi Wokuqoqwa Kwelogi ye-Zeek
Okulandelayo sampIzingxenye Zombiko Wethrendi wokuqoqwa kwelogi ye-Zeek ubonisa ukuthi i-Zeek telemetry ithathwe ngempumelelo.

Bika u-Sample 1
Lo mbiko sample inikeza ihora view.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (7)

Bika u-Sample 2

  • Lo mbiko sample inikeza amahora angu-12 view.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (8)
  • Ukuze uthole ulwazi olwengeziwe mayelana nemibiko, chofoza okuthiI-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (9) (Usizo) isithonjana sokufinyelela isihloko Sosizo Lomakhi Wombiko.

Ukuhlola Imicimbi ye-Zeek

Kunemibiko emibili eyengeziwe etholakalayo ukukusiza ukuthi uhlole imicimbi ye-Zeek:

  • Zeek Database Ingest Trend Report
  • Umbiko wezingodo ze-Zeek
  • Qiniseka ukuthi uneSitolo Sedatha futhi Izibalo zivuliwe.
  • Ukuze unike amandla i-Analytics, khetha okuthi Lungiselela > Ukuthola > Izibalo kumenyu enkulu, bese uchofoza Izibalo Vuliwe.

Zeek Database Ingest Trend Report
Ukuze uhlole imicimbi ye-Zeek conn.log ebhalwa esitolo sakho sedatha, yenza lokhu okulandelayo:

  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha Bika > Bika Umakhi.
  3. Chofoza okuthi Dala Umbiko Omusha, bese ukhetha i-Zeek Database Ingest Trend.
  4. Chofoza u-Run.
  5. Review umbiko:
    • Ingabe Isitolo Sedatha sithola imicimbi ye-Zeek conn.log?
    • Ingabe kube khona iziphazamiso?

Bika u-Sample

  • Lokhu sample inikeza amahora angu-12 view.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (10)
  • View Amarekhodi Abhalwe Njengamabhayithi Omcimbi Ngenkathi ngayinye noma Ukubalwa Komcimbi Ngenkathi ngayinye.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (11)

Umbiko wezingodo ze-Zeek

  • Qiniseka ukuthi i-Flow Collector yakho ilungiselelwe ukuthola idatha evela ku-Zeek. Ukuze uthole imiyalelo, bheka Umhlahlandlela Wokucushwa Kwesistimu.
  • Ukwenza kabushaview imicimbi yokugawulwa kwe-telemetry ye-Zeek yohlobo oluthile lwelogi lwe-Zeek lwe-Flow Collector, yenza lokhu okulandelayo:
  • Ungakwazi ukubuza imibuzo yelogi ye-Zeek emine kanye kanye nemibuzo eyengeziwe elindile kulayini.
  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha Bika > Bika Umakhi.
  3. Chofoza okuthi Yakha umbiko omusha, bese ukhetha ama-Zeek Logs.
  4. Cacisa amapharamitha kuzinkambu ezidingekayo endaweni Ejwayelekile.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (12) Ipharamitha Ulwazi Olwengeziwe
    • Ibanga Lesikhathi Uma ukhetha Okwezifiso, khetha ibanga lesikhathi esifushane ukuze uthole ukusebenza okuphezulu. Uma ufaka ibanga lesikhathi eside, umbiko ungase uthathe isikhathi eside ukubuza idatha.
    • Flow Collector Khetha Iqoqo Lokugeleza Kwezibalo Zenethiwekhi Evikelekile kunethiwekhi yakho.
    • Amarekhodi aphezulu Khetha inani eliphezulu lamarekhodi. Umkhawulo ungamarekhodi ayi-10,000.
    • Uhlobo Lwelogi ye-Zeek Khetha Uhlobo Lwelogi ye-Zeek.
    • Ukukhetha ilogu ngaphandle kwe-conn.log kunkambu Yohlobo Lwelogi ye-Zeek kungase kubangele ukuthi umbiko usebenze isikhathi eside, kodwa kufanele ugijime uze uqede.
  5. Sebenzisa indawo Yesihlungi ukuze ucacise amapharamitha angeziwe, uma kudingeka.
  6. Chofoza u-Run.

Bika u-Sample

  • Amapharamitha angakhethwa akhethiwe lapho kwakhiwa lo mbiko sample.I-Cisco-v7-5-3-Secure-Network-Analytics-IMAGE (13)
  • Ukuze uthole idatha kulo mbiko, udinga i-Secure Network Analytics enokusetshenziswa kweSitolo Sedatha. Ukuze uthole ulwazi nemiyalelo, bheka Umhlahlandlela Wokufakwa Kwezinto Ezisetshenziswayo (I-Hardware noma i-Virtual Edition) kanye Nomhlahlandlela Wokucushwa Kwesistimu.

Ixhumana Nosekelo
Uma udinga ukwesekwa kobuchwepheshe, sicela wenze okukodwa kokulandelayo:

Shintsha Umlando

Inguqulo Yedokhumenti Usuku Lokushicilela Incazelo
1_0 Agasti 6, 2025 Uhlobo lokuqala.

Ulwazi Lwelungelo Lobunikazi
I-Cisco kanye nelogo ye-Cisco yizimpawu zokuthengisa noma izimpawu zokuthengisa ezibhalisiwe ze-Cisco kanye/noma izinhlaka zayo e-US nakwamanye amazwe. Kuya view uhlu lwezimpawu zokuthengisa ze-Cisco, hamba kulokhu URL: https://www.cisco.com/go/trademarks. Izimpawu zokuthengisa zezinkampani zangaphandle ezishiwo ziyimpahla yabanikazi bazo. Ukusetshenziswa kwegama elithi uzakwethu akusho ubudlelwano bokusebenzisana phakathi kweCisco nanoma iyiphi enye inkampani. (1721R)

Amadokhumenti / Izinsiza

I-Cisco v7.5.3 I-Secure Network Analytics [pdf] Umhlahlandlela Womsebenzisi
v7.5.3, v7.5.3 Secure Network Analytics, v7.5.3, Secure Network Analytics, Network Analytics, Analytics

Izithenjwa

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *