How Cato Networks uses Amazon Bedrock to transform free text search into structured GraphQL queries

This is a guest post authored by Asaf Fried, Daniel Pienica, and Sergey Volkovich from Cato Networks.
Cato Networks is a leading provider of secure access service edge (SASE), an enterprise networking and security unified cloud-centered service that converges SD-WAN, a cloud network, and security service edge (SSE) functions, including firewall as a service (FWaaS), a secure web gateway, zero trust network access, and more.
On our SASE management console, the central events page provides a comprehensive view of the events occurring on a specific account. With potentially millions of events over a selected time range, the goal is to refine these events using various filters until a manageable number of relevant events is identified for analysis. Users can review different types of events, such as security, connectivity, system, and management, each categorized by specific criteria like threat protection, LAN monitoring, and firmware updates. However, the process of adding filters to the search query is laborious and time-consuming, because it requires deep familiarity with the product's vocabulary.
To address this challenge, we recently enabled customers to perform free text searches on the event management page, allowing new users to run queries with minimal product knowledge. This was achieved by using foundation models (FMs) to transform natural language into structured queries that are compatible with our product's GraphQL API.
In this post, we demonstrate how we used Amazon Bedrock, a fully managed service that makes FMs from leading AI startups and Amazon available through an API, so you can choose from a wide range of FMs to find the model that is best suited for your use case. With the Amazon Bedrock serverless experience, you can get started quickly, privately customize FMs with your own data, and quickly integrate and deploy them into your applications using AWS tools without having to manage any infrastructure. Amazon Bedrock enabled us to enrich FMs with product-specific knowledge and convert free text inputs from users into structured search queries for the product API, which can greatly enhance user experience and efficiency in data management applications.
Solution overview
The Events page includes a filter bar with both event and time range filters. These filters need to be added and updated manually for each query. The following screenshot shows an example of the event filters (1) and time filters (2) as seen on the filter bar (source: Cato knowledge base).
The event filters are a conjunction of statements in the following form:
- Key – Field name
- Operator – Evaluation operator (for example, is, includes, greater than, and so on)
- Value – A single value or a list of values
For example, the following screenshot shows a filter for action in [ Alert, Block ].
The time filter is a time range that follows the ISO 8601 time interval standard.
For example, the following screenshot shows a time filter for UTC.2024-10-{01/00:00:00--02/00:00:00}.
Converting free text into a structured query of event and time filters is a complex natural language processing (NLP) task that can be accomplished using FMs. Customizing an FM for a specific task is typically done using one of the following approaches:
- Prompt engineering – Add instructions in the context/input window of the model to help it complete the task successfully.
- Retrieval Augmented Generation (RAG) – Retrieve relevant context from a knowledge base, based on the input query. This context is added to the original query. This approach is used to reduce the amount of context provided to the model to only the relevant data.
- Fine-tuning – Train the FM on data relevant to the task. In this case, the relevant context is embedded into the model weights instead of being part of the input.
For our specific task, we found prompt engineering sufficient to achieve the results we needed.
Because the event filters on the Events page are specific to our product, we need to provide the FM with precise instructions on how to generate them based on free text queries. The main considerations when creating the prompt are the following:
- Include the relevant context – This includes the following:
  - The available keys, operators, and values the model can use.
  - Specific instructions. For example, numeric operators can only be used with keys that have numeric values.
- Make sure it is simple to validate – Given the large number of instructions and constraints, we can't trust the model output without checking the results for validity. For example, what if the model generates a filter with a key that our API doesn't support?
Instead of asking the FM to generate the GraphQL API request directly, we can use the following approach:
- Instruct the model to return a response that follows the well-known IETF JSON Schema validation standard.
- Validate the response against the JSON schema.
- Translate the validated response into a GraphQL API request.
Prompt
Based on the previous considerations, the system prompt is structured as follows:
# General Instructions
Your task is to convert free text queries to a JSON format that will be used to query security and network events in a SASE management console of Cato Networks. You are only allowed to output text in JSON format. Your output will be validated against the following schema that is compatible with the IETF standard:
# Schema definition
{
"$schema": "
"title": "Query Schema",
"description": "Query object to be executed in the 'Events' management console page. ",
"type": "object",
"properties":
{
"filters":
{
"type": "array",
"description": "List of filters to apply in the query, based on the free text query provided.",
"items":
{
"oneOf":
[
{
"$ref": "#/$defs/Action"
},
.
.
.
]
}
},
"time":
{
"description": "Start datetime and end datetime to be used in the query.",
"type": "object",
"required":
[
"start",
"end"
],
"properties":
{
"start":
{
"description": "start datetime",
"type": "string",
"format": "date-time"
},
"end":
{
"description": "end datetime",
"type": "string",
"format": "date-time"
}
}
},
"$defs":
{
"Operator":
{
"description": "The operator used in the filter.",
"type": "string",
"enum":
[
"is",
"in",
"not_in",
.
.
.
]
},
"Action":
{
"required":
[
"id",
"operator",
"values"
],
"description": "The action taken in the event.",
"properties":
{
"id":
{
"const": "action"
},
"operator":
{
"$ref": "#/$defs/Operator"
},
"values":
{
"type": "array",
"minItems": 1,
"items":
{
"type": "string",
"enum":
[
"Block",
"Allow",
"Monitor",
"Alert",
"Prompt"
]
}
}
}
},
.
.
.
}
}
}
Each user query (appended to the system prompt) is structured as follows:
# Free text query
Query: {free_text_query}
# Add current timestamp for context (used for time filters)
Context: If you need a reference to the current datetime, it is {datetime}, and the current day of the week is {day_of_week}
The same JSON schema that is included in the prompt can be used to validate the model's response. This is a crucial step, because model behavior is inherently non-deterministic, and responses that don't comply with our API will break the product functionality. Because the model output is derived from free text typed by the user, schema validation is also what keeps a hallucinated or manipulated response (for example, a key or operator the API doesn't support) from ever reaching the backend: only filters that pass the schema are translated into an API call.
In addition to validating alignment, the JSON schema can also point out the exact schema violation. This allows us to create a policy based on the different failure types. For example:
- If required fields are missing, report a translation failure to the user.
- If a given value for an event filter does not comply with the format, drop that filter, build the API request from the remaining values, and issue a translation warning to the user.
After the FM successfully translates the free text into structured output, converting it into an API request (such as GraphQL) is a straightforward and deterministic process.
To validate this approach, we created a benchmark with hundreds of text queries and their corresponding expected JSON outputs. For example, consider the following text query:
Security events with high risk level from IPS and Anti Malware engines
For this query, we expect the following response from the model, based on the JSON schema provided:
{
"filters":
[
{
"id": "risk_level",
"operator": "is",
"values":
[
"High"
]
},
{
"id": "event_type",
"operator": "is",
"values":
[
"Security"
]
},
{
"id": "event_subtype",
"operator": "in",
"values":
[
"IPS",
"Anti Malware"
]
}
]
}
For each FM response, we define three possible outcomes:
- Success:
  - Valid JSON
  - Valid against the schema
  - Full filter match
- Partial:
  - Valid JSON
  - Valid against the schema
  - Partial filter match
- Error:
  - Invalid JSON, or not valid against the schema
Because translation failures lead to a poor user experience, releasing the feature was contingent on achieving an error rate below 0.05, and the selected FM was the one with the highest success rate (the ratio of responses with a full filter match) among those that passed this criterion.
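The validation policy and the benchmark scoring described above, as one added example. This is not Cato's code: it validates a model response against a reduced, hand-written copy of the query schema (only the "action" enum is taken from the schema excerpt in this post; the other keys and value sets, the GraphQL query shape, and the benchmark entries are assumptions constructed for illustration), applies the fail-or-drop policy, renders a hypothetical GraphQL request, and classifies responses into the success, partial, and error outcomes.

```python
"""Added example (not Cato's code): schema validation with the post's failure
policy, a hypothetical GraphQL rendering, and benchmark outcome scoring."""
import json
from datetime import datetime

# Reduced schema. "action" values come from the post's schema excerpt; the
# other keys and value sets are assumptions made for this example.
OPERATORS = {"is", "in", "not_in"}
FILTER_DEFS = {
    "action": {"Block", "Allow", "Monitor", "Alert", "Prompt"},
    "risk_level": {"Low", "Medium", "High"},
    "event_type": {"Security", "Connectivity", "System", "Management"},
    "event_subtype": {"IPS", "Anti Malware", "Firmware Update"},
}


class TranslationError(Exception):
    """The output cannot become an API request; surface the failure to the user."""


def _check_time(time):
    for key in ("start", "end"):  # both are required by the schema
        if key not in time:
            raise TranslationError(f"time filter missing required field: {key}")
        try:
            datetime.fromisoformat(str(time[key]).replace("Z", "+00:00"))
        except ValueError:
            raise TranslationError(f"time.{key} is not a date-time: {time[key]!r}") from None


def validate(raw_text):
    """Return (query, warnings). Missing required fields fail the translation;
    a filter with an unsupported key, operator or value is dropped with a warning."""
    try:
        query = json.loads(raw_text)
    except json.JSONDecodeError as exc:
        raise TranslationError(f"model output is not JSON: {exc}") from None
    if not isinstance(query, dict):
        raise TranslationError("model output is not a JSON object")
    if "time" in query:
        _check_time(query["time"])
    kept, warnings = [], []
    for f in query.get("filters", []):
        missing = [k for k in ("id", "operator", "values") if k not in f]
        if missing:
            raise TranslationError(f"filter missing required field(s): {missing}")
        allowed, values = FILTER_DEFS.get(f["id"]), f["values"]
        if allowed is None:
            warnings.append(f"dropped filter: unsupported key {f['id']!r}")
        elif f["operator"] not in OPERATORS:
            warnings.append(f"dropped {f['id']!r}: unsupported operator {f['operator']!r}")
        elif not isinstance(values, list) or not values or any(v not in allowed for v in values):
            warnings.append(f"dropped {f['id']!r}: values {values!r} not allowed")
        else:
            kept.append({"id": f["id"], "operator": f["operator"], "values": list(values)})
    return {**query, "filters": kept}, warnings


# Hypothetical GraphQL shape; the real Cato API is not reproduced here.
GRAPHQL = """query Events($filters: [EventFilterInput!], $from: DateTime, $to: DateTime) {
  events(filters: $filters, timeFrame: {from: $from, to: $to}) { records { fieldsMap } }
}"""


def to_graphql(query):
    """Deterministic step: a validated query object becomes request variables."""
    variables = {"filters": query["filters"]}
    if "time" in query:
        variables["from"], variables["to"] = query["time"]["start"], query["time"]["end"]
    return {"query": GRAPHQL, "variables": variables}


def _canon(filters):
    return {(f["id"], f["operator"], frozenset(f["values"])) for f in filters}


def classify(raw_text, expected_filters):
    """success = valid JSON, schema-valid, full filter match; partial = valid JSON,
    schema-valid, filters differ; error = invalid JSON or a schema violation."""
    try:
        query, warnings = validate(raw_text)
    except TranslationError:
        return "error"
    if warnings:  # a dropped filter means the response violated the schema
        return "error"
    return "success" if _canon(query["filters"]) == _canon(expected_filters) else "partial"


def score(benchmark):
    """benchmark: list of (model output text, expected filters) -> outcome rates."""
    counts = {"success": 0, "partial": 0, "error": 0}
    for raw, expected in benchmark:
        counts[classify(raw, expected)] += 1
    rates = {k: v / len(benchmark) for k, v in counts.items()}
    rates["release_ok"] = rates["error"] < 0.05  # release criterion from the post
    return rates


# Constructed benchmark: the post's worked example plus three variants.
EXPECTED = [
    {"id": "risk_level", "operator": "is", "values": ["High"]},
    {"id": "event_type", "operator": "is", "values": ["Security"]},
    {"id": "event_subtype", "operator": "in", "values": ["IPS", "Anti Malware"]},
]
EXTRA = [{"id": "action", "operator": "is", "values": ["Block"]}]
BENCHMARK = [
    (json.dumps({"filters": EXPECTED}), EXPECTED),                                     # success
    (json.dumps({"filters": EXPECTED + EXTRA}), EXPECTED),                             # partial
    (json.dumps({"filters": [{"id": "risk_level", "operator": "is",
                              "values": ["Critical"]}]}), EXPECTED),                   # error
    ("Here is the query you asked for:", EXPECTED),                                    # error
]

if __name__ == "__main__":
    print(score(BENCHMARK))
```

With the four constructed entries the error rate is 0.5, so `release_ok` is false; the point of the block is the classification logic, not the numbers. Note that a dropped filter counts as an error for benchmarking even though, in production, the policy still serves the user a query built from the remaining filters.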
Working with Amazon Bedrock
Amazon Bedrock is a fully managed service that simplifies access to a wide range of state-of-the-art FMs through a single, serverless API. It offers a production-ready service capable of efficiently handling large-scale requests, making it well suited to enterprise-level deployments.
Amazon Bedrock enabled us to switch between different models efficiently, making it simple to benchmark and optimize for accuracy, latency, and cost without the complexity of managing the underlying infrastructure. Additionally, some vendors within the Amazon Bedrock landscape, such as Cohere and Anthropic's Claude, offer models with native understanding of JSON schemas and structured data, which further improves their performance on our specific task.
Using our benchmark, we evaluated several FMs on Amazon Bedrock, considering accuracy, latency, and cost. Based on the results, we selected anthropic.claude-3-5-sonnet-20241022-v2:0, which met the error rate criterion and achieved the highest success rate while maintaining reasonable cost and latency. We then developed the complete solution, which includes the following components:
- Management console – The Cato management application that the user interacts with to view their account's network and security events.
- GraphQL server – A backend service that provides a GraphQL API for accessing data in a Cato account.
- Amazon Bedrock – The cloud service that handles hosting and serving requests to the FM.
- Natural language search (NLS) service – An Amazon Elastic Kubernetes Service (Amazon EKS) hosted service that integrates the Cato management console with Amazon Bedrock. This service is responsible for building the complete prompt for the FM and validating the response using the JSON schema.
The following diagram illustrates the workflow from a user's manual query to the retrieval of the relevant events.
With the new capability, users can also use the free text query mode, which is processed as shown in the following diagram.
The following screenshot of the Events page shows the free text query mode in action.
Business impact
The recent feature update has received positive customer feedback. Users, especially those unfamiliar with Cato, have found the new search capability intuitive, making it simpler to navigate and engage with the system. Additionally, multi-language input, which the FM supports natively, has made the Events page more accessible to non-native English speakers, helping them engage with the system and discover insights in their own language.
One of the most notable impacts is the significant reduction in query time, cut from minutes of manual filtering to near-instant results. Account admins using the new feature have reported near-zero time to value, experiencing immediate benefits with a minimal learning curve.
Conclusion
Accurately converting free text input into structured data is crucial for applications that involve data management and user interaction. In this post, we presented a real business use case from Cato Networks that significantly improved the user experience.
By using Amazon Bedrock, we gained access to state-of-the-art generative language models with built-in support for JSON schemas and structured data. This allowed us to optimize for cost, latency, and accuracy without the complexity of managing the underlying infrastructure.
Although the prompt engineering solution met our needs, teams dealing with complex JSON schemas might want to explore alternative approaches to reduce costs. Including the entire schema in the prompt can lead to a very high token count for a single query. In such cases, consider using Amazon Bedrock to fine-tune a model so that product knowledge is embedded more efficiently.
About the Authors
Asaf Fried leads the Data Science team at Cato Research Labs at Cato Networks. Member of Cato Ctrl. Asaf has more than six years of academic and industry experience applying state-of-the-art and novel machine learning methods to the domain of networking and cybersecurity. His main research interests include asset discovery, risk assessment, and network-based attacks in enterprise environments.
Daniel Pienica is a Data Scientist at Cato Networks with a strong passion for large language models (LLMs) and machine learning (ML). With six years of experience in ML and cybersecurity, he brings a wealth of knowledge to his work. Holding an MSc in Applied Statistics, Daniel applies his analytical skills to solve complex data problems. His enthusiasm for LLMs drives him to find innovative solutions in cybersecurity. Daniel's dedication to his field is evident in his continuous exploration of new technologies and techniques.
Sergey Volkovich is an experienced Data Scientist at Cato Networks, where he develops AI-based solutions for cybersecurity and computer networking. He completed an M.Sc. in physics at Bar-Ilan University, where he published a paper on theoretical quantum optics. Before joining Cato, he held multiple positions across diverse deep learning projects, ranging from publishing a paper on the discovery of new particles at the Weizmann Institute to advancing computer networking and algorithmic trading. Presently, his primary area of focus is state-of-the-art natural language processing.
Omer Haim is a Senior Solutions Architect at Amazon Web Services, with more than 6 years of experience dedicated to solving complex customer challenges through cutting-edge machine learning and AI solutions. He brings deep expertise in generative AI and container technologies, and is passionate about working backwards from customer needs to deliver innovative, impactful solutions that drive business value and technological transformation.