https://docs.mitigator.ru/v26.04/en/tags/service/ Recent content in Service on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/classic/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/classic/ The mechanism analyzes L4 payload from the dump and extracts traffic signatures. Payload Analyzer accepts traffic dumps in PCAP or PCAPNG formats as input. It is necessary to specify the parameters for building a decision tree: Decisions — the maximum nesting of the branch. Determines the search depth in the process of building a decision tree. Decision type — is an algorithm for building a decision tree. First suitable decision — search for the first suitable solution; All possible decisions — search for all possible solutions within the specified variability and maximum nesting level; Decision of minimum length — traversal along the minimum length branches regardless of the solution completeness. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/multipurpose/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/multipurpose/ Multipurpose Analyzer analyzes L3/L4 headers and L4 payload. Traffic dumps in PCAP or PCAPNG formats are accepted as input. Multipurpose Analyzer capabilities: Generate signatures for L4 payload in various ways. Create visualization of the contents of the dump. It can be useful for understanding the traffic structure, as it allows you to visually identify patterns in it. Create a longogram — an image showing the distribution of packet sizes by their number over a certain time interval. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/tls/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/tls/ TLS Analyzer accepts PCAP or a text file as input. JA3 fingerprints are extracted from PCAP and additional information is displayed. Text files analysis allows you to match JA3 hash, JA3 fullstring or User-Agent. For example, you can get JA3 hash and User-Agent list by uploading JA3 fullstring. And if the User-Agent value is entered, then the search will be performed for records that have such a substring in the User-Agent. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/ip-lists/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/ip-lists/ IP Analyzer analyzes lists of IPv4 addresses, providing a extended set of data for each address in the list. Only unique IP addresses are included in the analysis. Checks: IP addresses presence in reputation lists; compliance with GeoIP databases. If the list contains a prefix from /16 to /32, then it is decomposed into separate IP addresses. You can analyze: A text file with a list of entries separated by comma, space, semicolon, line break. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ ACL Rules Generator analyzes dumps of legitimate traffic and attack traffic and generates a set of ACL filtering rules. IP, TCP, UDP and ICMP protocol packets are analyzed. Traffic dumps are selected from the drop-down list, for which they must be previously uploaded to the service on the Uploads tab. Optionally, you can specify additional dumps on which the rules obtained during the analysis will be tested. If no additional dumps are specified, then the training dumps are divided proportionally into a training part and a test part. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/service/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/service/ Service Analyzer helps in the initial setup of protection by identifying services in the protected network based on the uploaded dump. Currently, any loaded dump is perceived by the mechanism as a dump of incoming traffic from an external network. The Five tuple threshold field specifies the number of repetitions of a unique 5-tuple in a dump. If the number of repetitions is less than the established limit, then such a 5-tuple will not be included in the report. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/express/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/express/ Checks the IP address for presence in reputation lists. Report The report is generated as an interactive HTML page. The report contains: Links for checking the address on third-party services. Information about the country, city, and autonomous system of the address. Presence of the address in various reputation lists. Related Content IP Analyzer Multipurpose Analyzer ACL Rules Generator Goaccess Log Analyzer Log Analyzer Log Format Analyzer Logan Rules Generator Payload Analyzer Service Analyzer Service Change Log https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/al/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/al/ Analyzes web server logs in access.log format and calculates statistics. It allows to identify anomalies and attacking IP addresses. Can be used when writing filtering rules in LOGAN. The mechanism accepts a file with Web server Access logs in “File for analysis” field and a log format in “NGINX log-format” field. The “Output threshold” field specifies the minimum number of repetitions of the calculated parameter to be included in the report. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/goaccess/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/goaccess/ Generating a report using the GoAccess.io log analyzer. Goaccess log analyzer analyzes web server logs. Can be used alone or in combination with «Log Analyzer» to obtain additional statistics. The file for analysis is specified in the “File for analysis” field. The Goaccess format is specified in the “log-format” field. It may be convenient to use third-party tools if you need to convert NGINX log-format to goaccess config, for example nginx2goaccess. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/log-format/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/log-format/ The mechanism recognizes the log format in the uploaded file. Can be used when describing the log format in LOGAN or Log analyzer. Related Content Goaccess Log Analyzer Log Analyzer Logan Rules Generator ACL Rules Generator Express report by IP address IP Analyzer Multipurpose Analyzer Payload Analyzer Service Analyzer Service Change Log https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/logan-rules/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/logan-rules/ The mechanism generates rules for LOGAN based on an uploaded web server log file. To initiate the generation, you need to specify the log format, which can be determined using the Log Format Analyzer. Related Content Goaccess Log Analyzer Log Analyzer Log Format Analyzer ACL Rules Generator Express report by IP address IP Analyzer Multipurpose Analyzer Payload Analyzer Service Analyzer Service Change Log https://docs.mitigator.ru/v26.04/en/psg/changelog/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/changelog/ Date Change March 2026 The GeoIP report section has been removed from “Multipurpose Analyzer”; the geo-information verification functionality has been moved to “IP Analyzer”. Added the ability to create combined feeds based on available ones. The interactive report interface for “IP Analyzer” has been updated. Developed plugins for Chrome and Firefox browsers that allow performing express analysis of a selected IP address on any web page. A console client has been developed that allows performing a quick analysis based on the entered IP address. https://docs.mitigator.ru/v26.04/en/psg/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/ psg.mitigator.ru is a service for network traffic dump analysis in order to identify patterns (PCAP Signature Generator). Additionally, the service analyzes lists of IP addresses and TLS fingerprints. The service is designed to facilitate the research of attack traffic, identify the signature of legitimate traffic, check the source IP addresses against reputation lists, and can be used in retrospective analysis scenarios. How to Use psg.mitigator.ru Service Service Change Log The service is available to MITIGATOR customers.