CISCO Security Cloud App

Specifications
- Product name: Cisco Security Cloud App
- Manufacturer: Cisco
- Integration: Works with various Cisco products
Product Usage Instructions
Set Up an Application
Application Setup is the first user interface for the Security Cloud App. Follow these steps to set up an application:
- Go to the Application Setup > Cisco Products page.
- Choose the required Cisco application and click Configure Application.
- Complete the configuration form, which includes a brief app description, documentation links, and configuration details.
- Click Save. Make sure that all fields are filled in correctly so that the Save button is enabled.
Configure Cisco Products
To configure Cisco products in the Security Cloud App, follow these steps:
- On the Cisco Products page, select the specific Cisco product that you want to configure.
- Click Configure Application for that product.
- Fill in the required fields, including Input Name, Interval, Index, and Source Type.
- Save the configuration. Correct any errors if the Save button is disabled.
Cisco Duo Configuration
To configure Cisco Duo in the Security Cloud App, follow these steps:
- On the Duo configuration page, enter the Input Name.
- Provide the Admin API credentials in the Integration key, Secret key, and API hostname fields.
- If you do not have these credentials, register a new account to obtain them.
Frequently Asked Questions (FAQ)
- Q: What are the common fields required for configuring applications?
A: The common fields include Input Name, Interval, Index, and Source Type.
- Q: How do I handle authorization with the Duo API?
A: Authorization with the Duo API is handled by the Duo SDK for Python. You need to provide the API hostname obtained from the Duo Admin Panel, along with other optional fields as required.
This chapter guides you through the process of adding and configuring inputs for various applications (Cisco products) within the Security Cloud App. Inputs are crucial because they define the data sources that the Security Cloud App uses for monitoring. Configuring inputs correctly ensures that your security coverage is comprehensive and that all data is displayed properly for future tracking and monitoring.
Set Up an Application
Application Setup is the first user interface for the Security Cloud App. The Application Setup page consists of two sections:
Figure 1: My Apps

- The My Apps section of the Application Setup page displays all user input configurations.
- Click a product hyperlink to go to the product dashboard.

- To edit an input, click Edit Configuration under the action menu.
- To delete an input, click Delete under the action menu.

Figure 2: Cisco Products

- The Cisco Products page displays all available Cisco products that are integrated with the Security Cloud App.
- You can configure inputs for each Cisco product in this section.
Configure an Application
- Some configuration fields are common to all Cisco products and are described in this section.
- Configuration fields that are specific to a product are described in the later sections.
Table 1: Common fields
| Field | Description |
| --- | --- |
| Input Name | (Mandatory) A unique name for inputs of the application. |
| Interval | (Mandatory) Time interval in seconds between API queries. |
| Index | (Mandatory) Destination index for application logs. It can be changed if required. Auto-complete is provided for this field. |
| Source Type | (Mandatory) For most apps, it is a default value and is disabled. You can change its value in Advanced Settings. |
- Step 1 On the Application Setup > Cisco Products page, navigate to the required Cisco application.
- Step 2 Click Configure Application.
The configuration page consists of three sections: a brief app description, documentation with links to useful resources, and the configuration form.
- Step 3 Fill in the configuration form. Note the following:
  - Required fields are marked with an asterisk (*).
  - There are also optional fields.
  - Follow the instructions and tips described in the app-specific section of the page.
- Step 4 Click Save.
If there is an error or an empty field, the Save button is disabled. Correct the error and save the form.
Cisco Duo
Figure 3: Duo configuration page

In addition to the mandatory fields described in the Configure an Application section, the following credentials are required for authorization with the Duo API:
- ikey (Integration key)
- skey (Secret key)
Authorization is handled by the Duo SDK for Python.
Table 2: Duo configuration fields
| Field | Description |
| --- | --- |
| API Hostname | (Mandatory) All API methods use the API hostname, https://api-XXXXXXXX.duosecurity.com. Obtain this value from the Duo Admin Panel and use it exactly as shown there. |
| Duo Security Logs | Optional. |
| Logging Level | (Optional) Logging level for messages written to the input logs in $SPLUNK_HOME/var/log/splunk/duo_splunkapp/ |
- Step 1 On the Duo configuration page, enter the Input Name.
- Step 2 Enter the Admin API credentials in the Integration key, Secret key, and API hostname fields. If you do not have these credentials, register a new account.
  - Navigate to Applications > Protect an Application > Admin API to create a new Admin API.
- Step 3 Define the following if required:
  - Duo Security Logs
  - Logging Level
- Step 4 Click Save.
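How the three Duo values fit together is easier to see in code. The following is an added example, not code from the Security Cloud App or the Duo SDK: it sketches the HMAC request signing that Duo documents for its Admin API, which the SDK performs on your behalf. The HMAC-SHA1 (signature version 2) scheme, the hostname pattern, the endpoint path and the credential values are assumptions or constructed placeholders.

```python
import base64
import email.utils
import hashlib
import hmac
import re
import urllib.parse

# Assumed hostname shape, based on the api-XXXXXXXX.duosecurity.com form in Table 2.
HOST_RE = re.compile(r"^api-[0-9a-z]{8}\.duosecurity\.com$")


def normalize_host(value):
    """Accept the hostname as pasted (with or without https://), reject anything else."""
    host = value.strip().lower()
    if "://" in host:
        host = urllib.parse.urlsplit(host).hostname or ""
    if not HOST_RE.match(host):
        raise ValueError("not a Duo API hostname: %r" % value)
    return host


def canonical_request(date, method, host, path, params):
    """Date, method, host, path and sorted URL-encoded parameters, one per line."""
    pairs = [
        "%s=%s" % (urllib.parse.quote(k, "~"), urllib.parse.quote(str(params[k]), "~"))
        for k in sorted(params)
    ]
    return "\n".join([date, method.upper(), host, path, "&".join(pairs)])


def sign_request(ikey, skey, api_host, method, path, params, date=None):
    """Build the Date and Authorization headers for one Admin API call."""
    host = normalize_host(api_host)
    date = date or email.utils.formatdate()
    canon = canonical_request(date, method, host, path, params)
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(("%s:%s" % (ikey, sig)).encode()).decode()
    return {"Date": date, "Authorization": "Basic " + token}


if __name__ == "__main__":
    # Constructed placeholder credentials and an illustrative path, not real keys.
    headers = sign_request(
        "DIXXXXXXXXXXXXXXXXXX", "constructed-secret-key",
        "https://api-0a1b2c3d.duosecurity.com",
        "GET", "/admin/v1/logs/authentication", {"mintime": "1700000000"},
    )
    print(headers)
```

The secret key is only ever used as the HMAC key and is never sent, so the stored skey is the value to protect; the signature also covers the hostname, which is why the value must match the Duo Admin Panel exactly.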
Cisco Secure Malware Analytics
Figure 4: Secure Malware Analytics configuration page


Note
You need an API key (api_key) for authorization with the Secure Malware Analytics (SMA) API. Pass the API key as the Bearer type in the authorization token of the request.
Secure Malware Analytics configuration data
- Host: (Mandatory) Specifies the name of the SMA account.
- Proxy Settings: (Optional) Consists of Proxy Type, Proxy URL, Port, Username, and Password.
- Logging Settings: (Optional) Define the settings for logging information.
- Step 1 On the Secure Malware Analytics configuration page, enter a name in the Input Name field.
- Step 2 Fill in the Host and API Key fields.
- Step 3 Define the following if required:
  - Proxy Settings
  - Logging Settings
- Step 4 Click Save.
Cisco Secure Firewall Management Center
Figure 5: Secure Firewall Management Center configuration page

- You can import data into the Secure Firewall application using either of two streamlined processes: eStreamer and Syslog.
- The Secure Firewall configuration page provides two tabs, each corresponding to a different data import method. You can switch between these tabs to configure the respective data inputs.
Firewall e-Streamer
The eStreamer SDK is used for communication with the Secure Firewall Management Center.
Figure 6: Secure Firewall E-Streamer tab

Table 3: Secure Firewall configuration data
| Field | Description |
| --- | --- |
| FMC Host | (Mandatory) Specifies the name of the management center host. |
| Port | (Mandatory) Specifies the port for the account. |
| PKCS Certificate | (Mandatory) The certificate must be created on the Firewall Management Console - eStreamer Certificate Creation. The system supports only the pkcs12 file type. |
| Password | (Mandatory) Password for the PKCS certificate. |
| Event Types | (Mandatory) Choose the type of events to ingest (All, Connection, Intrusion, File, Intrusion Packet). |
- Step 1 In the E-Streamer tab of the Add Secure Firewall page, enter a name in the Input Name field.
- Step 2 In the PKCS Certificate field, upload a .pkcs12 file to set up the PKCS certificate.
- Step 3 In the Password field, enter the password.
- Step 4 Choose an event under Event Types.
- Step 5 Define the following if required:
  - Duo Security Logs
  - Logging Level
Note
If you switch between the E-Streamer and Syslog tabs, only the active configuration tab is saved. Therefore, you can set only one data import method at a time.
- Step 6 Click Save.
Firewall Syslog
In addition to the mandatory fields described in the Configure an Application section, the following configurations are required on the management center side.

Table 4: Secure Firewall Syslog configuration data
| Field | Description |
| --- | --- |
| TCP/UDP | (Mandatory) Specifies the type of input data. |
| Port | (Mandatory) Specifies a unique port for the account. |
- Step 1 In the Syslog tab of the Add Secure Firewall page, set up the connection on the management center side, and enter a name in the Input Name field.
- Step 2 Choose TCP or UDP for the Input Type.
- Step 3 In the Port field, enter the port number.
- Step 4 Select a type from the Source Type drop-down list.
- Step 5 Choose the event types for the selected source type.
Note
If you switch between the E-Streamer and Syslog tabs, only the active configuration tab is saved. Therefore, you can set only one data import method at a time.
- Step 6 Click Save.
Cisco Multicloud Defense
Figure 7: Secure Malware Analytics configuration page

- Multicloud Defense (MCD) uses the HTTP Event Collector functionality of Splunk instead of communicating through an API.
- Create an instance in Cisco Defense Orchestrator (CDO) by following the steps defined in the Setup Guide section of the Multicloud Defense configuration page.

Only the mandatory fields defined in the Configure an Application section are required for authorization with Multicloud Defense.
- Step 1 Install a Multicloud Defense instance in CDO by following the Setup Guide on the configuration page.
- Step 2 Enter a name in the Input Name field.
- Step 3 Click Save.
Cisco XDR
Figure 8: XDR configuration page

The following credentials are required for authorization with the Private Intel API:
- client_id
- client_secret
Every input run results in a call to the GET /iroh/oauth2/token endpoint to obtain a token that is valid for 600 seconds.
Table 5: Cisco XDR configuration data
| Field | Description |
| --- | --- |
| Region | (Mandatory) Select a region before selecting an authentication method. |
| Authentication Method | (Mandatory) Two authentication methods are available: Using Client ID and OAuth. |
| Import Time Range | (Mandatory) Three import options are available: Import all incident data, Import from created date-time, and Import from defined date-time. |
| Promote XDR Incidents to ES Notables? | (Optional) Splunk Enterprise Security (ES) promotes Notables. If you have not enabled Enterprise Security, you can still choose to promote to notables, but the events do not appear in that index or in the notable macros. After you enable Enterprise Security, the events are present in the index. You can choose the type of incidents to ingest (All, Critical, Medium, Low, Info, Unknown, None). |
- Step 1 On the Cisco XDR configuration page, enter a name in the Input Name field.
- Step 2 Choose a method from the Authentication Method drop-down list.
  - Client ID:
    - Click the Go to XDR button to create a client for your account in XDR.
    - Copy and paste the Client ID.
    - Set a password (Client_secret).
  - OAuth:
    - Follow the generated link and authenticate. You need to have an XDR account.
    - If the first link with the code did not work, copy the user code from the second link and paste it manually.
- Step 3 Define an import time in the Import Time Range field.
- Step 4 If required, select a value in the Promote XDR Incidents to ES Notables? field.
- Step 5 Click Save.
Cisco Secure Email Threat Defense
Figure 9: Secure Email Threat Defense configuration page

The following credentials are required for authorization with the Secure Email Threat Defense API:
- api_key
- client_id
- client_secret
Table 6: Secure Email Threat Defense configuration data
| Field | Description |
| --- | --- |
| Region | (Mandatory) You can edit this field to change the region. |
| Import Time Range | Three options are available: Import all message data, Import from created date-time, or Import from defined date-time. |
- Step 1 On the Secure Email Threat Defense configuration page, enter a name in the Input Name field.
- Step 2 Enter the API key, Client ID, and Client Secret key.
- Step 3 Select a region from the Region drop-down list.
- Step 4 Set an import time under Import Time Range.
- Step 5 Click Save.
Cisco Secure Network Analytics
Secure Network Analytics (SNA), formerly known as Stealthwatch, analyzes existing network data to help identify threats that may have found a way to bypass existing controls.
Figure 10: Secure Network Analytics configuration page

Credentials required for authorization:
- smc_host (IP address or hostname of the Stealthwatch Management Console)
- tenant_id (Stealthwatch Management Console domain ID for this account)
- username (Stealthwatch Management Console username)
- password (Stealthwatch Management Console password for this account)
Table 7: Secure Network Analytics configuration data
| Field | Description |
| --- | --- |
| Proxy type | Choose a value from the drop-down list: Host, Port, Username, Password. |
| Interval | (Mandatory) Time interval in seconds between API queries. By default, 300 seconds. |
| Source type | (Mandatory) |
| Index | (Mandatory) Specifies the destination index for SNA security logs. By default: cisco_sna. |
| After | (Mandatory) The initial after value is used when querying the Stealthwatch API. By default, the value is 10 minutes ago. |
- Step 1 On the Secure Network Analytics configuration page, enter a name in the Input Name field.
- Step 2 Enter the Manager Address (IP or host), Domain ID, Username, and Password.
- Step 3 If required, set the following under Proxy settings:
  - Choose a proxy from the Proxy type drop-down list.
  - Enter the host, port, username, and password in the respective fields.
- Step 4 Define the input configuration:
  - Set a time under Interval. By default, the interval is set to 300 seconds (5 minutes).
  - You can change the Source type under Advanced Settings if required. The default value is cisco:sna.
  - Enter the destination index for security logs in the Index field.
- Step 5 Click Save.



