Broadcom ProxySG
ProxySG 是一种安全 Web 网关解决方案,通过提供 URL 过滤、高级威胁防护和 SSL 检查来识别并阻止恶意活动,从而增强企业 Web 流量的安全性、性能和可管理性。它通过缓存频繁访问的内容来提高 Web 应用程序的性能并减少带宽使用,同时支持基于各种属性的用户身份验证和访问控制策略。此外,ProxySG 还提供详细的报告和分析工具,以便深入了解 Web 使用模式、安全事件和策略合规情况。ProxySG 可作为物理设备、虚拟设备或在云中部署,充当代理服务器,用于检查、过滤和管理 Web 流量,以加强组织的网络安全态势。
数据流
ProxySG 集成从设备收集访问日志。日志可以通过 syslog 发送,也可以由设备以文件形式上传。
ProxySG 支持的日志格式可在此处找到。目前,ProxySG 集成支持以下格式:
- main
要求
您需要 Elasticsearch 来存储和搜索数据,以及 Kibana 来可视化和管理数据。您可以使用我们托管在 Elastic Cloud 上的 Elasticsearch 服务(推荐),也可以在您自己的硬件上自行管理 Elastic Stack。
设置
ProxySG 访问日志可以通过 syslog 或文件上传从设备导出;该集成同时支持这两种方式。
Syslog
配置 ProxySG,使其通过 syslog 将访问日志发送到远程服务器。
添加集成,并使用“通过 UDP 从 ProxySG 收集日志”或“通过 TCP 从 ProxySG 收集日志”进行配置。由于 UDP 不保证送达,在可行的情况下建议选择 TCP,以降低日志丢失的风险。
在高级选项中,选择与设备所配置的访问日志格式匹配的“访问日志格式”值。
文件上传
配置 ProxySG,使其按计划将访问日志上传到远程服务器。
添加集成,并使用“通过日志记录服务器文件从 ProxySG 收集访问日志”进行配置。
在高级选项中,将“路径”设置为与访问日志文件在远程服务器上的上传位置匹配的文件模式。同时选择与设备所配置的访问日志格式匹配的“访问日志格式”值。
访问日志
示例
`log` 数据流的示例事件如下所示:
{ "@timestamp": "2024-03-22T16:16:01Z", "agent": { "ephemeral_id": "c62f5fcb-3497-49a3-988a-a076cc2b9dd6", "id": "d4460588-94a9-4ddb-8a40-c80a3b7db55a", "name": "docker-fleet-agent", "type": "filebeat", "version": "8.14.1" }, "client": { "bytes": 969, "ip": "10.82.255.36", "user": { "name": "aeinstein" } }, "data_stream": { "dataset": "proxysg.log", "namespace": "55535", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { "id": "d4460588-94a9-4ddb-8a40-c80a3b7db55a", "snapshot": false, "version": "8.14.1" }, "event": { "agent_id_status": "verified", "dataset": "proxysg.log", "duration": 48000000, "ingested": "2024-09-12T22:16:57Z", "original": "2024-03-22 16:16:01 48 10.82.255.36 302 TCP_NC_MISS 1242 969 GET https pixel.tapad.com 443 /idsync/ex/push ?partner_id=2499&partner_device_id=aeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553&partner_url=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3Daeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553%26vid%3D280fa751e99651c4193ef92f6dab0f92%26dspid%3DCEN aeinstein - - pixel.tapad.com - https://vid.vidoomy.com/ OBSERVED \"FastwebRes_CallCntr;Web Ads/Analytics\" - 142.182.19.21 34.111.113.62 \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36\" sha256WithRSAEncryption", "timezone": "+00:00" }, "http": { "request": { "method": "GET", "referrer": "-" }, "response": { "status_code": 302 } }, "input": { "type": "udp" }, "log": { "source": { "address": "172.19.0.6:47495" }, "syslog": { "appname": "serverd", "facility": { "code": 1, "name": "user-level" }, "hostname": "srvr", "priority": 13, "severity": { "code": 5, "name": "Notice" }, "version": "1" } }, "observer": { "product": "ProxySG", "vendor": "Broadcom" }, "proxysg": { "client": { "ip": "10.82.255.36" }, "client_to_server": { "auth_group": "-", "bytes": "969", "categories": "FastwebRes_CallCntr;Web Ads/Analytics", "host": "pixel.tapad.com", "method": "GET", "referer": "-", 
"uri_path": "/idsync/ex/push", "uri_port": 443, "uri_query": "?partner_id=2499&partner_device_id=aeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553&partner_url=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3Daeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553%26vid%3D280fa751e99651c4193ef92f6dab0f92%26dspid%3DCEN", "uri_scheme": "https", "user_agent": "https://vid.vidoomy.com/", "username": "aeinstein" }, "remote_to_server": { "content_type": "pixel.tapad.com" }, "server": { "action": "TCP_NC_MISS", "ip": "142.182.19.21", "supplier_name": "-" }, "server_to_client": { "bytes": "1242", "filter_result": "OBSERVED", "status": "302" }, "time_taken": 48, "x_virus_id": "-" }, "server": { "bytes": 1242, "ip": "142.182.19.21" }, "tags": [ "preserve_original_event", "forwarded" ], "url": { "domain": "pixel.tapad.com", "path": "/idsync/ex/push", "port": 443, "query": "?partner_id=2499&partner_device_id=aeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553&partner_url=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3Daeb66687-eabe-442e-b11e-79494b740d0d-640ba437-5553%26vid%3D280fa751e99651c4193ef92f6dab0f92%26dspid%3DCEN", "registered_domain": "tapad.com", "scheme": "https", "subdomain": "pixel", "top_level_domain": "com" }, "user_agent": { "device": { "name": "Generic Feature Phone" }, "name": "Other", "original": "https://vid.vidoomy.com/" } }
导出的字段
字段 | 描述 | 类型 |
---|---|---|
@timestamp |
事件时间戳。 |
date |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
input.type |
输入类型。 |
keyword |
log.file.device_id |
日志文件设备 ID。 |
keyword |
log.file.inode |
日志文件 inode。 |
keyword |
log.offset |
日志偏移量。 |
long |
log.source.address |
日志的源地址。 |
keyword |
proxysg.client.ip |
keyword |
|
proxysg.client_to_server.auth_group |
keyword |
|
proxysg.client_to_server.auth_groups |
keyword |
|
proxysg.client_to_server.bytes |
keyword |
|
proxysg.client_to_server.categories |
keyword |
|
proxysg.client_to_server.certificate_subject |
keyword |
|
proxysg.client_to_server.connection_negotiated_cipher |
keyword |
|
proxysg.client_to_server.connection_negotiated_cipher_size |
keyword |
|
proxysg.client_to_server.connection_negotiated_ssl_version |
keyword |
|
proxysg.client_to_server.host |
keyword |
|
proxysg.client_to_server.icap_error_details |
keyword |
|
proxysg.client_to_server.icap_status |
keyword |
|
proxysg.client_to_server.method |
keyword |
|
proxysg.client_to_server.ocsp_error |
keyword |
|
proxysg.client_to_server.referer |
keyword |
|
proxysg.client_to_server.rs_content_type |
keyword |
|
proxysg.client_to_server.threat_id |
keyword |
|
proxysg.client_to_server.threat_risk |
keyword |
|
proxysg.client_to_server.threat_source |
keyword |
|
proxysg.client_to_server.uri_extension |
keyword |
|
proxysg.client_to_server.uri_path |
keyword |
|
proxysg.client_to_server.uri_port |
long |
|
proxysg.client_to_server.uri_query |
keyword |
|
proxysg.client_to_server.uri_scheme |
keyword |
|
proxysg.client_to_server.user_agent |
keyword |
|
proxysg.client_to_server.userdn |
keyword |
|
proxysg.client_to_server.username |
keyword |
|
proxysg.client_to_server.x_requested_with |
keyword |
|
proxysg.remote.ip |
keyword |
|
proxysg.remote.supplier_country |
keyword |
|
proxysg.remote_to_server.certificate_hostection_negotname |
keyword |
|
proxysg.remote_to_server.certificate_hostection_negotnamecategory |
keyword |
|
proxysg.remote_to_server.certificate_hostname |
keyword |
|
proxysg.remote_to_server.certificate_hostname_category |
keyword |
|
proxysg.remote_to_server.certificate_hostname_threat_risk |
keyword |
|
proxysg.remote_to_server.certificate_observed_errors |
keyword |
|
proxysg.remote_to_server.certificate_validate_status |
keyword |
|
proxysg.remote_to_server.connection_negotiated_cipher |
keyword |
|
proxysg.remote_to_server.connection_negotiated_cipher_size |
keyword |
|
proxysg.remote_to_server.connection_negotiated_cipher_strength |
keyword |
|
proxysg.remote_to_server.connection_negotiated_ssl_version |
keyword |
|
proxysg.remote_to_server.content_type |
keyword |
|
proxysg.remote_to_server.icap_error_details |
keyword |
|
proxysg.remote_to_server.icap_status |
keyword |
|
proxysg.remote_to_server.ocsp_error |
keyword |
|
proxysg.remote_to_server.threat_id |
keyword |
|
proxysg.remote_to_server.threat_source |
keyword |
|
proxysg.server.action |
keyword |
|
proxysg.server.hierarchy |
keyword |
|
proxysg.server.ip |
keyword |
|
proxysg.server.sitename |
keyword |
|
proxysg.server.supplier_country |
keyword |
|
proxysg.server.supplier_failures |
keyword |
|
proxysg.server.supplier_ip |
keyword |
|
proxysg.server.supplier_name |
keyword |
|
proxysg.server_to_client.bytes |
keyword |
|
proxysg.server_to_client.filter_result |
keyword |
|
proxysg.server_to_client.status |
keyword |
|
proxysg.time_taken |
long |
|
proxysg.x_bluecoat.access_security_policy_action |
keyword |
|
proxysg.x_bluecoat.access_security_policy_reason |
keyword |
|
proxysg.x_bluecoat.access_type |
keyword |
|
proxysg.x_bluecoat.appliance_name |
keyword |
|
proxysg.x_bluecoat.application_groups |
keyword |
|
proxysg.x_bluecoat.application_name |
keyword |
|
proxysg.x_bluecoat.application_operation |
keyword |
|
proxysg.x_bluecoat.location_id |
keyword |
|
proxysg.x_bluecoat.location_name |
keyword |
|
proxysg.x_bluecoat.placeholder |
keyword |
|
proxysg.x_bluecoat.reference_id |
keyword |
|
proxysg.x_bluecoat.request_tenant_id |
keyword |
|
proxysg.x_bluecoat.transaction_uuid |
keyword |
|
proxysg.x_client_agent_sw |
keyword |
|
proxysg.x_client_agent_type |
keyword |
|
proxysg.x_client_device_id |
keyword |
|
proxysg.x_client_device_name |
keyword |
|
proxysg.x_client_device_type |
keyword |
|
proxysg.x_client_os |
keyword |
|
proxysg.x_client_security_posture_details |
keyword |
|
proxysg.x_client_security_posture_risk_score |
keyword |
|
proxysg.x_cloud_rs |
keyword |
|
proxysg.x_cs_certificate_subject |
keyword |
|
proxysg.x_cs_client_ip_country |
keyword |
|
proxysg.x_cs_connection_negotiated_cipher |
keyword |
|
proxysg.x_cs_connection_negotiated_cipher_size |
keyword |
|
proxysg.x_cs_connection_negotiated_ssl_version |
keyword |
|
proxysg.x_cs_ocsp_error |
keyword |
|
proxysg.x_data_leak_detected |
keyword |
|
proxysg.x_exception_id |
keyword |
|
proxysg.x_icap_reqmod_header_x_icap_metadata |
keyword |
|
proxysg.x_icap_respmod_header_x_icap_metadata |
keyword |
|
proxysg.x_random_ipv6 |
keyword |
|
proxysg.x_rs_certificate_hostname |
keyword |
|
proxysg.x_rs_certificate_hostname_categories |
keyword |
|
proxysg.x_rs_certificate_hostname_threat_risk |
keyword |
|
proxysg.x_rs_certificate_observed_errors |
keyword |
|
proxysg.x_rs_certificate_signature_algorithm |
keyword |
|
proxysg.x_rs_certificate_validate_status |
keyword |
|
proxysg.x_rs_connection_negotiated_cipher |
keyword |
|
proxysg.x_rs_connection_negotiated_cipher_size |
keyword |
|
proxysg.x_rs_connection_negotiated_ssl_version |
keyword |
|
proxysg.x_rs_ocsp_error |
keyword |
|
proxysg.x_sc_connection_issuer_keyring |
keyword |
|
proxysg.x_sc_connection_issuer_keyring_alias |
keyword |
|
proxysg.x_virus_id |
keyword |