Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
これが Cloud Native な セキュリティログ分析だ (仮)
Search
Masayoshi Mizutani
February 11, 2018
Technology
7
3.3k
これが Cloud Native な セキュリティログ分析だ (仮)
Cookpad techconf 2018のLTで講演した資料です
Masayoshi Mizutani
February 11, 2018
Tweet
Share
More Decks by Masayoshi Mizutani
See All by Masayoshi Mizutani
MCPの基礎とUbieにおける活用事例 /ubie-mcp
mizutani
3
1.6k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
mizutani
9
3k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
mizutani
2
780
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
mizutani
0
890
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
mizutani
7
4.6k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
mizutani
0
740
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
mizutani
1
1.1k
Amazon Athena を使った セキュリティログ検索基盤の構築 /seclog-athena
mizutani
5
3k
Webサービス事業会社におけるEDRの検討と導入の事例 /falcon2019
mizutani
1
790
Other Decks in Technology
See All in Technology
AI技術トレンド勉強会 #1MCPの基礎と実務での応用
nisei_k
1
240
初めてのAzure FunctionsをClaude Codeで作ってみた / My first Azure Functions using Claude Code
hideakiaoyagi
1
180
DenoとJSRで実現する最速MCPサーバー開発記 / Building MCP Servers at Lightning Speed with Deno and JSR
yamanoku
1
260
生成AIでwebアプリケーションを作ってみた
tajimon
2
120
活きてなかったデータを活かしてみた話 / Shirokane Kougyou vol 19
sansan_randd
1
410
CI/CDとタスク共有で加速するVibe Coding
tnbe21
0
230
キャディでのApache Iceberg, Trino採用事例 -Apache Iceberg and Trino Usecase in CADDi--
caddi_eng
0
170
Welcome to the LLM Club
koic
0
130
AIエージェントの継続的改善のためオブザーバビリティ
pharma_x_tech
6
1.4k
25分で解説する「最小権限の原則」を実現するための AWS「ポリシー」大全 / 20250625-aws-summit-aws-policy
opelab
6
690
Amplifyとゼロからはじめた AIコーディング 成果と展望
mkdev10
1
360
VCpp Link and Library - C++ breaktime 2025 Summer
harukasao
0
220
Featured
See All Featured
Code Review Best Practice
trishagee
68
18k
VelocityConf: Rendering Performance Case Studies
addyosmani
330
24k
GitHub's CSS Performance
jonrohan
1031
460k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
228
22k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
46
9.6k
Docker and Python
trallard
44
3.4k
Testing 201, or: Great Expectations
jmmastey
42
7.5k
The Cost Of JavaScript in 2023
addyosmani
51
8.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
Unsuck your backbone
ammeep
671
58k
Transcript
ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩάੳͩ (Ծ) Cookpad Inc
2018.2.10
ηΩϡϦςΟࢹ ͬͯ·͔͢ʁ 2
CookpadͰؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ
ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥυ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀγεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚ΕͳΒͳ͍ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷใ
4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α
5
SIEMΛஔ͚શ෦ղܾͩͱࢥͬͯͨʁ ೦ʂ ɾࢹରͷڥͷߏมߋʹऑ͍ ɾ ϩάૹ৴ݩͷཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗͷߏมߋۤख ɾ HAઃఆɺεέʔϧΞτɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋཧςετ͕ۤख ɾ
ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥυڥؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍
7
ͦͦԿ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ
SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͍͢͠ܗࣜʹม͢Δ ɾڞ௨͢Δϩάͷଐੑʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά
SIEMͷػೳ (2) 10 ϩάͷੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔͷΛݟ͚ͭΔ ɾύλʔϯϚονϩάͷ্͑͛ͳͲ ϩά ϩά ϩά
SIEMͷػೳ (3) 11 ϩάͷอɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛదʹอ͢Δ ɾूΊͨϩά͔ΒඞཁͳใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲
SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠߹ɺ୲ऀʹ௨͢Δ ɾ௨ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه͢Δ ηΩϡϦςΟ୲
·ͱΊΔͱ 13
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 14
SIEMͷػೳ
Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 16
AWSͷαʔϏε + α Ͱସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ
͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis
Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά·ͣ4ʹ͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ-BNCEBΛͬͯίʔ υཧˍςετΛॻ͍ͯ$*
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠ੳ w ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞτ w ݕΤϯδϯͷBUUBDIEFUBDIࣗ༝ࣗࡏ w ͪΖΜϧʔϧίʔυཧˍςετ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈࠪ(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕ظؒʹ͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ߹ɺ"UIFOB ΛͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝͳௐ͕ࠪՄೳ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼཧ w ΦϖϨʔλͷ௨1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞͠ɺΞϥʔτͷௐࠪʹؔ͢ΔใΛ ूதཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ
ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ
Cloud Nativeʹ ηΩϡϦςΟࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফΛ͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋཧˍςετʴCIͱ૬ੑ͕ྑ͍
Thank you 25