
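Overview
**Summary:**
Vulnity Security brings enterprise-grade threat detection to WordPress. It connects your site to Vulnity's SIEM platform, correlates events, and notifies you before problems occur.
**Questions and answers:**
1. What is the name of this plugin?
- A: Vulnity Security.
2. What features does the plugin provide?
- A: Real-time security event collection and forwarding to Vulnity SIEM; dashboard widgets that highlight critical findings and remediation steps; scheduled security scans for core files, plugins, and themes; and centralized logging compatible with major SOC workflows.
3. How do you configure it to receive alerts?
- A: You need to configure the API token and endpoint URL provided by your Vulnity SIEM account. Detailed configuration instructions are displayed under Vulnity > Settings after the plugin is activated.
4. Which external services does this plugin connect to?
- A: It connects to Vulnity's external API hosted on Supabase Edge Functions, which powers SIEM alerts, inventory sync, and mitigation updates.
5. What data is sent, and when?
- A: On pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and timestamp. On scheduled health checks: site ID, URLs, site metadata, runtime info, and so on. When a security event is detected: site ID, alert type/severity, timestamps, and event details. When inventory sync runs: site inventory details. When mitigation rules are synced or enforcement actions occur: site ID, block/unblock actions, IP address, reason, duration, and so on.
6. What is the purpose of sending the data?
- A: To associate the site with your Vulnity account, deliver security alerts to the SIEM, validate connectivity, synchronize inventory and mitigation policies, and keep firewall enforcement consistent.
7. What are the license terms?
- A: The plugin is licensed under the GNU General Public License v2.0 or later. You may redistribute and/or modify it under the terms of the GPL as published by the Free Software Foundation. The complete license text is included in the bundled license.txt file and is also available online at https://www.gnu.org/licenses/gpl-2.0.html.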
Original plugin description
Vulnity Security brings enterprise-grade threat detection to WordPress. It connects your site to Vulnity’s SIEM platform, correlates events, and alerts you before issues become incidents.
Features
Real-time security event collection and forwarding to Vulnity SIEM.
Dashboard widgets that highlight critical findings and remediation steps.
Scheduled security scans for core files, plugins, and themes.
Centralized logging compatible with major SOC workflows.
Integration Requirements
To receive alerts, configure an API token and endpoint URL provided by your Vulnity SIEM account. Detailed configuration instructions are displayed after activating the plugin under Vulnity > Settings.
External Services
This plugin connects to Vulnity’s external API hosted on Supabase Edge Functions (domain: euxnoekqasvzwfcbybkg.supabase.co, base URL https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1) to power SIEM alerts, inventory sync, and mitigation updates.
What the service is and what it is used for:
Vulnity SIEM API for pairing/unpairing, heartbeat checks, sending alerts, testing connectivity, syncing inventory, and receiving mitigation policies.
Endpoints used:
/pair-plugin, /unpair-plugin (pairing and disconnecting the site).
/heartbeat (periodic health check).
/connection-test (manual connection test).
/scan-site-info (inventory sync).
/generic-alert, /brute-force-alert, /file-security-alert, /manage-user, /user-management-alert, /permission-change-alert, /file-editor-alert, /plugin-change-alert, /theme-change-alert, /core-update-alert, /suspicious-query-alert, /scanner-detected-alert (security alerts).
/mitigation-config, /mitigation-update (mitigation policy sync and block/unblock updates).
What data is sent and when:
Pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and timestamp when pairing or disconnecting occurs.
Heartbeat: site ID, URLs, site metadata (name, language, timezone, theme), and runtime info (plugin/WordPress/PHP versions, latency) on a scheduled interval.
Alerts: site ID, alert type/severity, timestamps, and event details (such as IP address, user/action metadata, or file change context) whenever a security event is detected.
Inventory sync: site inventory details (installed plugins/themes/core metadata) when inventory sync runs.
Mitigation: site ID, block/unblock actions, IP address, reason, duration, and rule metadata when mitigation rules are synced or enforcement actions occur.
Why the data is sent:
To associate the site with your Vulnity account, deliver security alerts to the SIEM, validate connectivity, synchronize inventory and mitigation policies, and keep firewall enforcement consistent.
Policies: See the Vulnity Terms of Service and Privacy Policy for details on how data is handled.
License
This plugin is licensed under the GNU General Public License v2.0 or later. You are free to redistribute and/or modify it under the terms of the GPL as published by the Free Software Foundation. The complete license text is included in the bundled license.txt file and is also available online at https://www.gnu.org/licenses/gpl-2.0.html.
