https://docs.mitigator.ru/v26.04/en/integrate/ Recent content in Integration on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/integrate/fail2ban/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/fail2ban/ The following web server security configuration is described: Nginx module ngx_http_limit_req detects the excess of the request limit; fail2ban analyzes error.log, which Nginx uses to report on the excesses; IP is added to the list of blocked by MITIGATOR API. MITIGATOR API client There is a script mitigator.py (download) to manage MITIGATOR, in particular to temporarily block an IP address via the MITIGATOR API. If necessary, the script can be modified to perform any other actions on MITIGATOR. https://docs.mitigator.ru/v26.04/en/integrate/web-challenger/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/web-challenger/ Web Challenger (WebC) is a Docker container containing NGINX and an HTTP/HTTPS request processing module that works in tandem with the HCA countermeasure in MITIGATOR. Possibilities The HCA countermeasure redirects HTTP/HTTPS requests from unauthenticated IP addresses to WebC, where the sender is verified. If the verification is successful, the source IP address is added to the HCA’s authenticated table. HCA can also work with third-party L7 protection devices. Multiple packet processors can work with one WebC when working in a cluster. https://docs.mitigator.ru/v26.04/en/integrate/syslogng/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/syslogng/ By setting up syslog-ng, as well as syslog translation on the MITIGATOR side, you can execute arbitrary scripts: blocking scripts, protection switching, BGP route switching, and so on. Syslog record format. Syslog-ng setup The configuration is written to /etc/syslog-ng/conf.d/mitigator.conf. Parameters for receiving messages (protocol, port) must match the settings in the MITIGATOR web interface. The expect-hostname option is required because the hostname is specified in the messages. source s_udp { syslog(transport("udp") flags(expect-hostname)); }; All MITIGATOR messages have the same program name, by which you can filter them: https://docs.mitigator.ru/v26.04/en/integrate/prometheus/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/prometheus/ Metrics in MITIGATOR are stored in Graphite. It is possible to export metrics to Prometheus via graphite_exporter. To organize sending, you need to deploy and configure graphite_exporter (the main configuration file and the configuration file for metrics matching), then configure sending metrics to graphite_exporter. Brief sequence of actions: Writing a metric compliance configuration for specific needs. Deploying graphite_exporter with this configuration. Setting up data sending in the MITIGATOR system. graphite_exporter metrics matching configuration A list of metrics with a short description is available by link. https://docs.mitigator.ru/v26.04/en/integrate/fastnetmon/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/fastnetmon/ The following protection scheme is described: FastNetMon analyzes traffic, detects attacks and calls the script at the beginning and end of attacks. The script analyzes the FastNetMon report and switches the protection status on MITIGATOR depending on the characteristics of the attack. FastNetMon Overview FastNetMon detects the beginning, the end and the characteristics of the attack by analyzing traffic that can be taken from network interfaces or come from aggregators (NetFlow, sFlow). https://docs.mitigator.ru/v26.04/en/integrate/vestochka/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/vestochka/ BIFIT Vestochka is a free mobile application for aggregating push messages. The MITIGATOR system may use Vestochka to deliver notifications. Service access to Vestochka for sending messages is provided free of charge when purchasing MITIGATOR. Service access to “Vestochka” for sending messages is provided if you have an active MITIGATOR technical support service. Vestochka is useful for: System administrators for notifications to a mobile phone. When organizing a service based on MITIGATOR: you can provide customers with a convenient channel for prompt notifications without setting up an SMS gateway (Internet is required). https://docs.mitigator.ru/v26.04/en/integrate/mcr/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/mcr/ Tip This describes the MITIGATOR Challenge Response (MCR) protocol for developers of external systems. The MCR countermeasure is described in the built-in help. MITIGATOR Challenge Response (MCR) is a protocol for IP authentication on MITIGATOR. The protocol can be implemented both by a protected application and separately, for example, when a game launcher is being checked, and game traffic is passed. The program that implements the protocol and passes the test is called the client (in the example above, the client is the launcher). https://docs.mitigator.ru/v26.04/en/integrate/snmp/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/snmp/ MITIGATOR comes with a built-in SNMP agent listening on port 1161. No community is configured by default. SNMP metrics of all MITIGATOR instances are only available through the leader instance. Metrics provided under OID 1.3.6.1.4.1.88778: MITIGATOR data ports (ext*, int*) MITIGATOR operation (resource utilization, protection statistics) Wireguard interface wg0 of cluster VPN (in gateway service container) List of available OIDs and the MIB file. Access SNMP metrics Create SNMP configuration file in the working directory /srv/mitigator: https://docs.mitigator.ru/v26.04/en/integrate/syncookie/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/syncookie/ MITIGATOR has a TCP protection mode with ISN synchronization, in which after checking the client, the connection is not interrupted, filtering is transparent and convenient. To do this, you need to install a kernel module on the protected server, that will provide the necessary information, and a synchronization agent that will be polled by the MITIGATOR system. Protection mode with ISN synchronization is supported in countermeasures TCP, MINE, ATLS, DNS and BPF. https://docs.mitigator.ru/v26.04/en/integrate/log-analyzer/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/log-analyzer/ Info The log analysis functionality is additionally licensed. Logan is a MITIGATOR functionality for analyzing logs of a protected Web server (HTTP, HTTPS), detecting anomalies and attacking addresses. Protected servers send their logs to the Logan using syslog RFC 3164 (UDP, TCP). Logan can be located on the same server as the rest of the MITIGATOR, or separately. Logan on MITIGATOR Instance The following steps assume that an instance of MITIGATOR has already been installed.