Once a PKI/PMI system has been built, governments at all levels, enterprises and institutions inevitably face the problem of operating and maintaining it. Administrators find many things difficult to keep track of: how personnel are distributed across regions and organizations and how that changes, how the application systems are accessed, how much certificates are used, who holds an account in which system, and which personnel exceed their authority in which system. Producing even part of a report takes complex manual calculation before an authoritative result can be formed, and timeliness is poor if operations staff have to check each system one by one.
At the same time, once the PKI/PMI system has been deployed, application access data is encrypted using digital certificates, and the information flowing through a switch or a specified network card is no longer clear text. Traditional auditing software that relies on network packet analysis can no longer work properly, so a new method is needed to build a log auditing system based on strong identity.
The comprehensive audit query system is a platform for the unified presentation of a PKI/PMI deployment. It collects and analyzes user information, identity information and access information in a uniform way and presents them to users in a variety of forms, solving the operation and maintenance management problems that building a PKI/PMI system brings.
The biggest difference between JIT AQS and other audit systems on the market is that the product mainly audits behavior tied to digital certificates. Once digital certificate technology is in use, the information circulating in the network is encrypted; traditional audit products audit plain text, so they cannot analyze it and no longer work properly. JIT AQS takes the digital certificate as its core and uses the AQS SDK and SYSLOG to collect behavior audit information from business systems, then analyzes and presents it in a unified way.
JIT AQS covers the issuance of personal digital certificates, the authorization of digital certificates, digital certificate logins to each service system, and digital certificate access to the functional modules of those service systems. Statistical analysis is carried out according to flexibly configured policies to show the distribution of digital certificates and to understand how they are used.
JIT AQS was designed with the openness of the software fully in mind. The information presentation module is implemented as a separate program and provides a software development interface. It offers a powerful audit report function, and users can customize the analysis according to the content they care about. By setting up suitable audit reports, users can quickly and intuitively understand the operation and usage of the system; if an abnormality is found, they can use the query, analysis and tracking functions of the audit system to identify the personnel, time and operation content involved and output the results.
JIT AQS can audit not only security infrastructure such as PKI but also, through the AQS SDK, the login behavior of each business system. It provides data mining and correlation analysis over the stored behavior audit data, and gives managers accurate and detailed statistical analysis data and reports through visual interfaces. This helps management personnel discover security vulnerabilities in a timely manner and take effective measures to improve security levels, ultimately serving the purpose of assisting decision-making.
Query: user info, cert info, account info, permission info, application access
Statistics: user info, cert info, account info, permission info, application access
Support for receiving audit log information sent by the CA, RA, OCSP and other components of the PKI
Support for receiving audit log information sent by UMS, IMS, PMS, AA and other components of the PMI
Log information archive, log information query
System management: dictionary management, data source management, task scheduling management, administrator management
Server management: server certificate management, administrator certificate management
Strategy management: data source management, policy setting, task scheduling, Syslog configuration
Business side presentation