Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティログ分析基盤の構築 on AWS
Search
Masayoshi Mizutani
May 16, 2018
Technology
11
8k
セキュリティログ分析基盤の構築 on AWS
2018.5.16 Security JAWS での発表資料です
Masayoshi Mizutani
May 16, 2018
Tweet
Share
More Decks by Masayoshi Mizutani
See All by Masayoshi Mizutani
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
mizutani
1
460
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
mizutani
0
770
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
mizutani
7
4.3k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
mizutani
0
670
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
mizutani
1
1.1k
Amazon Athena を使った セキュリティログ検索基盤の構築 /seclog-athena
mizutani
5
2.8k
Webサービス事業会社におけるEDRの検討と導入の事例 /falcon2019
mizutani
1
710
AWS re:Inforce recap 2019
mizutani
1
4.2k
スケーラブルなセキュリティ監視基盤の作り方 /techconf2019-mizutani
mizutani
3
3.1k
Other Decks in Technology
See All in Technology
From naive to advanced RAG: the complete guide
glaforge
0
620
地域DXにおけるGrafana活用事例
wacky
0
370
フェンリルの SwiftUI の研修を覗いてみる / Fenrir SwiftUI Training
studio_rookery
0
130
The People First Approach to Engineering Success - DevNot 2024
zikriyeurkmez
0
220
テクニカルライターのチームで「目標」をどう決めたか / MVV for a Team of Technical Writers
lycorptech_jp
PRO
3
150
AWS Lambda と Amazon SQS で「わかった気になれる」FreeRTOS 入門
soracom
PRO
2
140
RAG: from dumb implementation to serious results
glaforge
0
610
Application Signalsで始めるSLO ユーザー満足度を数値化する第一歩
niftycorp
PRO
2
140
Road to Single Activity Uncovered
yurihondo
0
110
生成AI入門
shukob
0
110
テストを楽に書きたい
tomorrowkey
2
260
まだ間に合う! 生成AIトレンド一挙おさらい & AWSのBedrockに入門しよう
minorun365
PRO
4
140
Featured
See All Featured
A Tale of Four Properties
chriscoyier
156
22k
Embracing the Ebb and Flow
colly
84
4.4k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
225
22k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
40
2.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
105
48k
Why Our Code Smells
bkeepers
PRO
334
57k
Speed Design
sergeychernyshev
23
540
The Pragmatic Product Professional
lauravandoore
31
6.2k
Optimising Largest Contentful Paint
csswizardry
31
2.9k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
Happy Clients
brianwarren
97
6.7k
Transcript
ηΩϡϦςΟϩάੳج൫ͷߏங PO"84 ΫοΫύουגࣜձࣾΠϯϑϥετϥΫνϟʔ෦ ਫ୩ਖ਼ܚ 8FE
ࣗݾհˍൃද֓ཁ wਫ୩ਖ਼ܚ !N@NJ[VUBOJ w ຊ*#.ೖࣾ w ౦ژجૅݚڀॴ w ηΩϡϦςΟࣄۀ෦5PLZP40$
w ΫοΫύουגࣜձࣾೖࣾ w ΠϯϑϥετϥΫνϟʔ෦ηΩϡϦςΟνʔϜ wࠓͷൃද ݄ʹฐࣾ5FDI$POGͷ-5Ͱͨ͠༰ͷ࠷৽൛Ͱ͢
ηΩϡϦςΟϩάੳͱ͍͑4*&.ɺ͔͠͠Ϋϥυ্ͩͱʜ wϩάͷૹ৴ݩΛಈతʹ੍ޚͰ͖ͳ͍ w ૹ৴ݩʴϩάͷܗࣜͷΤϯτϦΛཧ͢Δ"1*͕ͳ͍ w Χλϩά্ࣗಈొ͢Δͱݴ͍ͬͯΔ͕͏·͘Ճ͞Εͳ͍ w ΠϯελϯεɾαʔϏεͷՃɾআʹରԠ͢Δͷ͕େม wશମߏΛؾܰʹ͍͡Εͳ͍ w
ߏ্εέʔϧΞτ͢Δ͕खಈˍࣦഊ͢Δͱഁ໓ w εέʔϧΞτͨ͠ͷͷதʹϩά͕ΔͷͰεέʔϧΠϯෆՄ w ϩά͕όʔετͨ͠ͱ͖ͷରԠ͕େม wϧʔϧͷςετ͕͍͠ w ςετͷͨΊʹෳߏ༻ҙ͢ΔPS࣮ڥͰΔ w "1*ͳͲͳ͍ͷͰɺવਓखͰؤுΔ w ΫΠοΫʹϧʔϧͷௐ͕Ͱ͖ͳ͍มߋʹΑΔαΠυΤϑΣΫτͰۤ࿑͢Δ ˞ҰൠԽ͞ΕͨͰͳ͘ɺͱ͋Δͷܦݧʹج͍ͮͨఆͰ͢
ઃܭཁ݅ wোͷੑ wੑೳɿඦ(#ͷྲྀྔˍ༰қͳεέʔϧΞτ͕Մೳ wมߋཤྺཧ w؇͍ϦΞϧλΠϜੑɿఔͷԆڐ༰ wঢ়گʹԠͨ͡ηΩϡϦςΟੳ w ύλʔϯ ৗతʹൃੜ͢ΔΞϥʔτͷੳ w
ύλʔϯ Πϯγσϯτൃੜ࣌ͷظੳ w ύλʔϯ ظؒͷ౷ܭใऔಘ wੳɾରԠͷࣗಈԽ
ΞʔΩςΫνϟ֓ཁ ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ Lambda Lambda Lambda Kinesis Stream S3 S3
Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Ξϥʔτͷௐࠪ CloudWatch Logs/Event, GuardDuty, CloudTrail EC2 instances ͦͷଞϓϩμΫτ Kinesis Stream Kinesis Stream ˞ࡉ͔͍ͱ͜Ζͪΐͬͱંͬͯ·͢
ΞʔΩςΫνϟ֓ཁ ύʔτ͚ ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ Lambda Lambda Lambda Kinesis Stream S3
S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Ξϥʔτͷௐࠪ EC2 instances ͦͷଞϓϩμΫτ Kinesis Stream Kinesis Stream ϩάऩूύʔτ ϩάॲཧύʔτ Ξϥʔτॲཧύʔτ CloudWatch Logs/Event, GuardDuty, CloudTrail
ϩάॲཧύʔτ wϑΝΠϧੜΠϕϯτͷॲཧ 4ˠ-BNCEBˠ,JOFTJT4USFBN w 4ͷ$SFBUF0CKFDUΠϕϯτΛ-BNCEBͰड͚ͯ,JOFTJT4USFBNʹྲྀ͢ w -BNCEBʹϩάྲྀͣ͞ʹ4্ͷϑΝΠϧͷΩʔͳͲ࠷ݶͷ
ใ͚ͩΛྲྀ͢ w ,JOFTJT4USFBNͰΠϕϯτใΛड͚औͬͨޙଓͷ-BNCEB͕4ͷ ϑΝΠϧΛಡΈࠐΈϩάσʔλΛऔಘ͢Δ ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ Lambda Lambda Kinesis Stream ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ ϩάͷม Kinesis Stream
ϩάॲཧύʔτ wϩάͷมUP(SBZMPH w ,JOFTJT4USFBN͔ΒϩάϑΝΠϧઃஔͷΠϕϯτΛड͚औͬͨޙɺ ϑΝΠϧΛ4͔ΒಡΈऔΔˠϩάͷύʔεˠ(SBZMPHసૹ w ύʔαࣗલͰ༻ҙ4ͷόέοτʴύεͰϑΥʔϚοτΛผ w (SBZMPHͷ(&-'ܗࣜʹมͨ͠ޙ5$1Ͱసૹ
wϩάͷมUP"UIFOB w -BNCEBͰ"UIFOBʹରԠͨ͠+40/ܗࣜʹม w (MVFΛͬͨมʹͰ͖ͳ͍͔ݕ౼த ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ Lambda Lambda Kinesis Stream ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ ϩάͷม Kinesis Stream
Ξϥʔτॲཧύʔτ w(JU)VC&OUFSQSJTF ()& Λใूͷجʹ w Ξϥʔτ͕ݕ͞ΕͨΒ()&ʹ*TTVFΛͨͯͯɺͦ͜ʹؔ࿈ใΛί ϝϯτͱͯ͠ه͠ूதͤ͞Δ wؔ࿈ใͷࣗಈऩू w 7JSVT5PUBMͰͷݕࡧɺ(SBZMPHͰͷؔ࿈ϩάͷݕࡧͳͲఆܗ࡞ۀͳ
ͷͰࣗಈͰ()&ʹίϝϯτͤ͞Δ w௨ϝʔϧ 4MBDL w ηΩϡϦςΟάϧʔϓͰϩʔςʔγϣϯ Ξϥʔτͷൃใ GHE PagerDuty Slack Ξϥʔτͷௐࠪ Kinesis Stream
ӡ༻ͷ༷ࢠ
1BHFS%VUZ͕ൃใ ʢϝʔϧ4MBDLʣ
Ξϥʔτ()&ͷ *TTVFͱͯ͠ىථ
7JSVT5PUBMͷ ใࣗಈͰه
(SBZMPH͔ΒϩάΛநग़ ˍ ৽ͨͳϩάࢀরͰ͖ΔΑ ͏ʹΫΤϦ63-Λίϝϯτ
ඞཁʹԠͯ͡(SBZMPH ͰΞϥʔτͷৄࡉௐࠪ ·ͨ *OEJDBUPS͕ྲྀΕ͖ͯͨ ͱ͖ʹΫΠοΫʹௐࠪ
ௐࠪɾੳ݁ՌΛ ίϝϯτͱͯ͠ ॻ͖͢͜ͱͰ ݟΛڞ༗
Thank you