"panelsJSON": "[{"col":1,"id":"AWHWRA0BuiCz3jvXLG2E","panelIndex":1,"row":1,"size_x":12,"size_y":3,"type":"visualization"},{"col":1,"id":"AWHWRzB1uiCz3jvXLjB9","panelIndex":2,"row":4,"size_x":4,"size_y":3,"type":"visualization"},{"col":5,"id":"AWHWTDyouiCz3jvXMHmd","panelIndex":3,"row":4,"size_x":4,"size_y":3,"type":"visualization"},{"col":9,"id":"AWHWefVTuiCz3jvXRbLT","panelIndex":4,"row":4,"size_x":4,"size_y":3,"type":"visualization"},{"col":1,"id":"AWHWhw9vuiCz3jvXS1Sb","panelIndex":5,"row":7,"size_x":4,"size_y":5,"type":"visualization"},{"col":5,"id":"AWHWq6wBuiCz3jvXXqYo","panelIndex":6,"row":7,"size_x":4,"size_y":5,"type":"visualization"},{"col":9,"id":"AWHXprt1uiCz3jvX3lHz","panelIndex":7,"row":7,"size_x":4,"size_y":5,"type":"visualization"}]",

"optionsJSON": "{"darkTheme":false}",

"uiStateJSON": "{"P-5":{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}},"P-6":{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}},"P-7":{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}}",

"version": 1,

"timeRestore": false,

"kibanaSavedObjectMeta": {

"searchSourceJSON": "{"filter":[{"query":{"match_all":{}}}],"highlightAll":true,"version":true}"

}

}

}

]

大功告成！现在你可以开始监控网络活动了。

总结

本文我们介绍了一种使用开源工具分析网络活动的方法，其中重点使用了 BRO IDS 和 Intel Critical Stack。这种方法对于探测受感染的主机是行之有效的，而且除了搭建环境外并不需要任何其他方面的投资。

我们还提供了一份如何配置 Bro 和 Critical Stack Agent 来进行网络监控和数据收集的指南。最后我们解释了如何使用 ELK Stack 来可视化数据和生成图表。

参考

https://en.wikipedia.org/wiki/Intrusion_detection_system

https://www.bro.org/

https://intel.criticalstack.com/

https://www.elastic.co/

示例下载：

visualizations.zip

dashboard.zip

原文链接：[翻译]使用 Bro IDS 和 Intel Critical Stack 分析网络活动

本文由看雪翻译小组 hesir 编译，来源Dev's blog

閱讀更多 看雪學院 的文章

關鍵字: ElasticSearch Line Wget