Tracing - a Journey to Tactical Insights by Florian Kückelkorn

DevOps Gathering

March 11, 2020

Transcript

  1. Slide 2 (Speaker): Tracing – A journey to tactical insights. Florian Kuckelkorn, Technical Coordinator, Florian.Kuckelkorn@gdata.de
  2. Slide 3 (Content): Tracing for the non-technical audience; Tracing for the technical audience; Post-processing of traces; Tracing in the scope of G DATA CyberDefense
  3. Slide 7 (Crime Scene): The Jewel Robbery at the Grand Metropolitan. Agatha Christie's Poirot - 1923
  4. Slide 11 (Jewelry owner & possible suspects): Mr. & Mrs. Opalsen; Jewelry
  5. Slide 12 (Possible suspect): Céléstine, Mrs. Opalsen's lady's maid
  6. Slide 15 (Start): Mr. and Mrs. Opalsen are getting ready for the theatre
  7. Slide 16 (Jewel box): The jewelry is placed in a jewel box
  8. Slide 17 (Homecoming): Mr. & Mrs. Opalsen return from the theatre
  9. Slide 20 (Witness interrogation): Witness interrogation leads to spans and traces. Diagram labels: Hotel room Mrs. Opalsen, Hotel room Mr. & Mrs. Opalsen, Hotel room, Theatre, Jewelry, Jewelry Box, unknown, Celestine (maid), Chambermaid, Hotel work, Dinner with Celestine, Hotel work
  10. Slide 21 (Witness interrogation): Post-processing of spans leads to possible suspects. Diagram labels as on slide 20.
  11. Slide 22 (Witness interrogation): Child_of Spans with details. Diagram labels as on slide 20, plus Next room.
  12. Slide 23 (Witness interrogation): same text as slide 22.
  13. Slide 24 (Witness interrogation): same text as slide 22.
  14. Slide 26 (Observability): Diagram labels: Metrics, Tracing, Logging, Request-scoped events, Request-scoped metrics, aggregatable events, DATA
  15. Slide 27 (OpenTracing Specification): https://github.com/opentracing/specification/blob/master/specification.md “Traces in OpenTracing are defined implicitly by their Spans. In particular, a Trace can be thought of as a directed acyclic graph (DAG) of Spans, where the edges between Spans are called References.”
  16. Slide 28 (Span Context): optional: span baggage. https://opentracing.io/docs/overview/
  17. Slide 30 (Launch Docker Swarm Stacks): Each span one message
  18. Slide 36 (Tactical Intel): Tactical Insights Dependencies RED Metrics (Rate, Error, Duration) Distributed Commit ComLayer (Waittime, …) AutoScaling Anomaly detection Feature extraction DataScience (manual) Run-Time analysis Message-loss recursive chain DataScope Knowledge Base
  19. Slide 37 (Stream Processing – Core Concept): Stream Processing
  20. Slide 38 (Stream Processing – Core Concept): Simple Event Processing (SEP): Route, Filter, Enrich
  21. Slide 39 (Stream Processing – Core Concept): Event Stream Processing (ESP): min, max, avg
  22. Slide 40 (Stream Processing – Core Concept): Complex Event Processing (CEP): Patterns, Stateful, Joins
  23. Slide 41: Apache Flink 1.10. Stateful Computations over Data Stream
  24. Slide 44 (G DATA CyberDefense AG): German IT Security company; Founded 1985 in Bochum; ~ 500 employees
  25. Slide 45 (G DATA CyberDefense AG): G DATA CyberDefense AG; First commercial AV software 1987; Today broad product portfolio B2B / B2C; G DATA Advanced Analytics; Founded 2015; Security Consulting, Incident Response, Malware Analysis
  26. Slide 46 (Some internal metrics): No sampling -> 250 GB per day; 0.1 % sampling -> 1 GB per day
  27. Slide 47 (Tracing Prototype): https://github.com/GDATASoftwareAG/DevOpsGathering2020
  28. Slide 49 (Services): Sample Ingester, Dynamic Analyser, Statical Analyser, Classificator
  29. Slide 50 (TopLevel Events): NEW_SAMPLE_RECEIVED, SAMPLE_RECEIVED, SANDBOX_RUN_COMPLETE, STATICAL_ANALYSIS_COMPLETE, SAMPLE_CLASSIFIED
  30. Slide 51 (Implementation): Sample Ingester, Dynamic Analyser, Statical Analyser, Classificator, Kafka, NEW_SAMPLE_RECEIVED
  31. Slide 52 (Top Level Trace): Sample Ingest, Statical Analyser, Dynamical Analyser, Classificator, Sample Processing
  32. Slide 53 (Launch Docker Swarm Stacks): docker swarm init
  33. Slide 54 (General Tracing Architecture): Jaeger Collector, Jaeger Agent, Services, Post Processing, Jaeger UI, Database, Kafka
  34. Slide 55 (Post Processing Architecture): Post Processing, Kafka, Apache Flink, GraphDB, Prometheus, ElasticSearch
  35. Slide 57 (RED Metrics (Rate, Error and Duration)): PUBLISHER_RATE_GENERATOR = PROB; PUBLISHER_RATE = 3; SIMULATE_S3_BEHAVIOUR = PROBABILISTIC
  36. Slide 58 (RED Metrics (Rate, Error and Duration)): PUBLISHER_RATE_GENERATOR = PROB; PUBLISHER_RATE = 3; SIMULATE_S3_BEHAVIOUR = CONST
  37. Slide 59 (RED Metrics (Rate, Error and Duration)): PUBLISHER_RATE_GENERATOR = PROB; PUBLISHER_RATE = 3; SIMULATE_S3_BEHAVIOUR = ERROR
  38. Slide 61 (Data Scope): Tag your spans. Diagram labels: child_of, follows_from, child_of
  39. Slide 68 (Final Words): You are invited to contact me: Florian.Kuckelkorn@gdata.de