Upgrade to Pro — share decks privately, control downloads, hide ads and more …

これが Cloud Native な セキュリティログ分析だ (仮)

Avatar for Masayoshi Mizutani Masayoshi Mizutani
February 11, 2018
Technology
7
3.4k

これが Cloud Native な セキュリティログ分析だ (仮)

Cookpad techconf 2018のLTで講演した資料です

Avatar for Masayoshi Mizutani

Masayoshi Mizutani

February 11, 2018
Tweet

More Decks by Masayoshi Mizutani

See All by Masayoshi Mizutani
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
Avatar for Masayoshi Mizutani mizutani
9
5.1k
MCPの基礎とUbieにおける活用事例 /ubie-mcp
Avatar for Masayoshi Mizutani mizutani
3
2.4k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
Avatar for Masayoshi Mizutani mizutani
9
3.1k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
Avatar for Masayoshi Mizutani mizutani
2
870
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
Avatar for Masayoshi Mizutani mizutani
0
940
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
Avatar for Masayoshi Mizutani mizutani
7
4.7k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
Avatar for Masayoshi Mizutani mizutani
0
760
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
Avatar for Masayoshi Mizutani mizutani
1
1.2k
Amazon Athena を使った セキュリティログ検索基盤の構築 /seclog-athena
Avatar for Masayoshi Mizutani mizutani
5
3k

Other Decks in Technology

See All in Technology
なぜSaaSがMCPサーバーをサービス提供するのか?
Avatar for SansanTech sansantech
PRO
8
2.8k
大「個人開発サービス」時代に僕たちはどう生きるか
Avatar for Sotaro Karasawa sotarok
20
9.8k
AI開発ツールCreateがAnythingになったよ
Avatar for s sato tendasato
0
120
Snowflake Intelligenceにはこうやって立ち向かう!クラシルが考えるAI Readyなデータ基盤と活用のためのDataOps
Avatar for harry gappy50
0
130
OCI Oracle Database Services新機能アップデート(2025/06-2025/08)
Avatar for oracle4engineer oracle4engineer
PRO
0
110
実践!カスタムインストラクション&スラッシュコマンド
Avatar for puku0x puku0x
0
360
複数サービスを支える マルチテナント型 Batch MLプラットフォーム
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
310
バッチ処理で悩むバックエンドエンジニアに捧げるAWS Glue入門
Avatar for morimorikochan diggymo
3
200
Aurora DSQLはサーバーレスアーキテクチャの常識を変えるのか
Avatar for TomoyaIwata iwatatomoya
1
880
生成AIでセキュリティ運用を効率化する話
Avatar for Tkay sakaitakeshi
0
610
ChatGPTとPlantUML/Mermaidによるソフトウェア設計
Avatar for gowhich501 gowhich501
1
130
今!ソフトウェアエンジニアがハードウェアに手を出すには
Avatar for mackee mackee
11
4.7k

Featured

See All Featured
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
6k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.6k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
268
13k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
352
21k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.1k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.8k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
840

Transcript

  1. ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩά෼ੳͩ (Ծ) Cookpad Inc

    2018.2.10

  2. ηΩϡϦςΟ؂ࢹ ΍ͬͯ·͔͢ʁ 2

  3. CookpadͰ΋ؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲౰͸ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜ΢ΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ

    ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥ΢υ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀ຿γεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚Ε͹ͳΒͳ͍෺ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷ৘ใ

  4. 4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯ෼ੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α

  5. 5

  6. SIEMΛஔ͚͹શ෦ղܾͩͱࢥͬͯͨʁ ࢒೦ʂ ɾ؂ࢹର৅ͷ؀ڥͷߏ੒มߋʹऑ͍ ɾ ϩάૹ৴ݩͷ؅ཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗ਎ͷߏ੒มߋ΋ۤख ɾ HAઃఆɺεέʔϧΞ΢τɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋ؅ཧ΍ςετ͕ۤख ɾ

    ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥ΢υ؀ڥ΍ؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍

  7. 7

  8. ͦ΋ͦ΋Կ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ

  9. SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͠΍͍͢ܗࣜʹม׵͢Δ ɾڞ௨͢Δϩάͷଐੑ஋ʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά

  10. SIEMͷػೳ (2) 10 ϩάͷ෼ੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔ΋ͷΛݟ͚ͭΔ ɾύλʔϯϚον΍ϩάͷ਺্͑͛ͳͲ ϩά ϩά ϩά

  11. SIEMͷػೳ (3) 11 ϩάͷอ؅ɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛద੾ʹอ؅͢Δ ɾूΊͨϩά͔Βඞཁͳ৘ใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲౰

  12. SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼ؅ཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠৔߹ɺ୲౰ऀʹ௨஌͢Δ ɾ௨஌ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه࿥͢Δ ηΩϡϦςΟ୲౰

  13. ·ͱΊΔͱ 13

  14. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 14

    SIEMͷػೳ

  15. Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15

  16. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 16

    AWSͷαʔϏε + α Ͱ୅ସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ

  17. ͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  18. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis

    Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά͸·ͣ4ʹ౤͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ๷͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ࢖͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ͸-BNCEBΛ࢖ͬͯίʔ υ؅ཧˍςετΛॻ͍ͯ$*

  19. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷ෼ੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠෼ੳ w ෼ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞ΢τ w ݕ஌ΤϯδϯͷBUUBDIEFUBDI΋ࣗ༝ࣗࡏ w ΋ͪΖΜϧʔϧ΋ίʔυ؅ཧˍςετ

  20. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอ؅ɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈ૞ࠪ͸(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕௕ظؒʹ౉͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ৔߹ɺ"UIFOB Λ࢖ͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝ଎ͳௐ͕ࠪՄೳ

  21. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼ؅ཧ w ΦϖϨʔλ΁ͷ௨஌͸1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞੒͠ɺΞϥʔτͷௐࠪʹؔ͢Δ৘ใΛ ूத؅ཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈৘ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ

  22. ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  23. 23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ

  24. Cloud Nativeʹ ηΩϡϦςΟ؂ࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফ໣Λ๷͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋ؅ཧˍςετʴCIͱ૬ੑ͕ྑ͍

  25. Thank you 25