Eventual Detection Engineering

Transcript

1. @ken5scal, 2024/09/05 ࣄۀϦεΫͱ Detection Engineering ~Eventual DE~

2. - ηΩϡϦςΟͷ؂ࢹج൫ʹ͓͚Δ՝୊ - ܧଓతͳऔΓ૊ΈΛ͢ΔͨΊͷʮ࠷ॳͷ؂ࢹʯ - ٕज़࣮૷ͷભҠ - Eventual Detection Engineering

   - ݱ࣌఺Ͱͷ՝୊ ࠓ೔ͷ͓࿩

3. - ݐલ - Detection EngineeringͱσʔλۦಈͳηΩϡϦςΟɺָ͍͠Α٩( 'ω')٩و('ω' )و - ຊԻ -

   ੲ͔ΒSIEMಋೖ͠·ͨ͠ఔ౓ͷΤϯτϦ͔͠ͳ͍ - ΋ͬͱӡ༻ʹ൐͏ཁૉٕज़ฉ͖͍ͨ - ৘ใग़ͯ͘͠Ε·ͤΜ͔|шƅ)ŧŽŕ - ※ग़ͨ͠ͱ͜ΖͰͦ͜·ͰϦεΫ͋Δ࿩Ͱ͔͢ʁ ࠓ೔ͷΰʔϧ

4. - ॴଐ - ࡾҪ෺࢈σδλϧɾΞηοτϚωδϝϯτ - ίʔϙϨʔτγεςϜ෦: DevSecOps, Corp Eng౳ -

   LayerX Fintechࣄۀ෦ʢˢʹग़޲ʣ - ݸਓ׆ಈ - िؒχϡʔεϨʔλʔɺPodCastɺಉਓࢽ - དྷྺ - ۚ༥ܥSIer > ࢿ࢈؅ཧɾՈܭ฽ɾձܭSP > ূ݊ձࣾ > ݱ৬ - ͳΜ͔ͩΜͩFintech/ূ݊ܥʹ͍Δ - ࠷ۙ͸σʔλΤϯδχΞϦϯάΛཤमத @ken5scal χϡʔεϨλʔ: https://ken5scal.notion.site/54bda4932da14add9e9911ab3e9a6e5c podcast: https://open.spotify.com/show/73sFeKzUIkSYfCZWVBNO70

5. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

   ݟग़͠ https://speakerdeck.com/layerx/company-deck
6. None
7. None

8. ~݄̐·Ͱ: SIEMಋೖ ͱΓ͋͑ͣೖΕ͚ͨͩ

9. - σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ - σʔλίωΫλͷ੍ݶɾඇ֦ுੑ - ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞ ՝୊

10. - σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ - Ұఆظؒʹ͓͚Δσʔλྔͷҧ͍ - ϑΥʔϚοτͷҧ͍ - ࣝผੑͷҧ͍ - ػඍੑͷҧ͍

    - σʔλίωΫλͷ੍ݶɾඇ֦ுੑ - ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞ ՝୊

11. - σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ - σʔλίωΫλͷ੍ݶɾ֦ுੑ - ίωΫλ͕ͳ͍ - औಘܦ࿏ɾखஈ͕ϑοΫ͚ͩͰͳ͘ɺΫϩʔϦ ϯά΍खಈͳ΋ͷ΋͋Δ -

    ෆཁͳσʔλɾϑΟʔϧυͷϑΟϧλ͕೉͍͠ - ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞ ՝୊

12. - σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ - σʔλίωΫλͷ੍ݶɾඇ֦ுੑ - ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞ - ΫΤϦݴޠ͕αʔϏε͝ͱʹҟͳΔ - Πϕϯτʹඥͮ͘ίϯςΫετͷऔಘʹผσʔλιʔε

    Λ׆༻ඞཁ͕͋Δ - ੬ऑͳঢ়ଶ͔൑அ͢Δඞཁ͕͋Δ ՝୊

13. - σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ - σʔλίωΫλͷ੍ݶɾඇ֦ுੑ - ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞ ՝୊

14. ʮken5͞Μɺ͜ͷίετ͚ͩͲ͞…ʯ

15. ग़ͨ͠ϒϩά https://tech.layerx.co.jp/entry/2024/03/29/093647

16. - Ұݩతʹऩूɾอ؅ɾ෼ੳͰ͖Δ - ౷Ұతͳϩάඪ४Λ͋ͯ͸Ί͍ͨ - ΫΤϦݴޠ͸౷Ұ͍ͨ͠ - ෼ੳͨ͘͠ͳ͍΋ͷΛআ֎͍ͨ͠ - ಈతΠϕϯτɾϩάͱɺ੩తͳσʔλϕʔεΛಥ߹͍ͨ͠

    - ༻్ʹԠͯ͡σʔλΛ੔ܗɾΤϯϦον͍ͨ͠ - ༻్ʹԠͨ͡৽͍͠σʔλϕʔεΛ࡞Γ͍ͨ - ίετΛ࠷దԽ͍ͨ͠ ཉ͢Δ΋ͷ

17. - Ұݩతʹऩूɾอ؅ɾ෼ੳͰ͖Δ - ౷Ұతͳϩάඪ४Λ͋ͯ͸Ί͍ͨ - ෼ੳͨ͘͠ͳ͍΋ͷΛআ֎͍ͨ͠ - ΫΤϦݴޠ͸౷Ұ͍ͨ͠ - ಈతΠϕϯτɾϩάͱɺ੩తͳσʔλϕʔεΛಥ߹͍ͨ͠

    - ༻్ʹԠͯ͡σʔλΛ੔ܗɾΤϯϦον͍ͨ͠ - ༻్ʹԠͨ͡৽͍͠σʔλϕʔεΛ࡞Γ͍ͨ - ίετΛ࠷దԽ͍ͨ͠ ཉ͢Δ΋ͷ ٻΊΒΕΔѹ౗తίϯτϩʔϥϏϦςΟ

18. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σʔλΤϯδχΞϦϯά΁ͷγϑτ

19. ݄̐ʙ݄̓ https://tech.layerx.co.jp/entry/siem2datalake-seclake

20. - طଘͷAWSܥηΩϡϦςΟΠϕϯτɾϩάͷಥ߹ - ಛఆظؒϩάΠϯ͍ͯ͠ͳ͍Ϣʔβʔͷચग़͠ - ಛఆͷೝূϝιουʹΑΔϢʔβʔঢ়ଶΛ૊Έ߹Θͤͨ৽͍͠Φϒ δΣΫτ - signInLog +

    ϢʔβʔΦϒδΣΫτ - ϑΟογϯά଱ੑͷ͋ΔύεΩʔೝূ੾ସͷࠜڌɾਪਐঢ়ଶͱͯ͠ ׆༂ ࣮૷Ͱ͖ͨϢʔεέʔεʢݕূฤʣ

21. ՝୊ͱղܾ - σʔλͷແ֐ԽɾԾ໊ԽɾҰఆͷඪ४Խ https://tech.layerx.co.jp/entry/siem2datalake-seclake ✔σʔλιʔεͷಛੑʹ͓͚ΔඇҰ؏ੑ

22. ՝୊ͱղܾ - σʔλίωΫλαʔϏεͷ৑௕ԽɾϙʔϦϯά https://tech.layerx.co.jp/entry/siem2datalake-seclake ✔σʔλίωΫλͷ੍ݶɾඇ֦ுੑ

23. ՝୊ͱղܾ - ΤϯϦονϝϯτɾΫΤϦͷ౷Ұ https://tech.layerx.co.jp/entry/siem2datalake-seclake ✔ϦεΫɾڴҖ౳ΤϯϦονϝϯτͷࠔ೉͞

24. None

25. - ϧʔϧ΍ϓϩηεͷϓϩάϥϜԽ - VCSͷར༻ - CI/CDϫʔΫϑϩʔʹΑΔมߋ - ςετυϦϒϯ σʔλΤϯδχΞϦϯάΛ੒Γཱͨͤͨཁૉ

26. - ϧʔϧ΍ϓϩηεͷϓϩάϥϜԽ - VCSͷར༻ - CI/CDϫʔΫϑϩʔʹΑΔมߋ - ςετυϦϒϯ͸…·ͩͳ͍͕ σʔλΤϯδχΞϦϯάΛ੒Γཱͨͤͨཁૉ

27. ݁ՌతʹDetection EngineeringΛ͍ͯͨ͠ https://engineering.mercari.com/en/blog/entry/20220513-detection-engineering-and-soar-at-mercari/

28. ݁ՌతʹDetection EngineeringΛ͍ͯͨ͠ https://engineering.mercari.com/en/blog/entry/20220513-detection-engineering-and-soar-at-mercari/ ͕ɺ͜Ε͸·ͩݕূͷΈ

29. - ݁࿦ͳΒͳ͍ɻઓज़ɾHow͕มΘΓɺͦΕʹ͋Θ ͤͨ૊৫ӡӦ͕มΘΔ͚ͩɻ - ܇࿅ɺ࠾༻ɺମ੍΋ؚΉ - ߴͭ͘͘Մೳੑ͢Β͋Δ ※ࠓͷͱ͜Ζैྔ՝ۚϕʔεͰ͸͍҆Ͱ͢ ίετ͸҆͘ͳΔ͔ʁ

30. ʮken5͞Μɺ͜ͷίετ͚ͩͲ͞…ʯ

31. - ελʔτΞοϓ͸ࡒ຿ঢ়گ͕γϏΞ - มԽʹΑΔϘϥ͕Ͱ͔͍ - Ϙϥͷ͋Δ؀ڥͰɺ҆ఆతʹʮDEʯͷՁ஋ΛೝΊ ͯ΋ΒΘͳ͍ͱɺϔουΧ΢ϯτҾ͖కΊʹͳΔ Մೳੑ͕͋Δ αεςφϒϧʹܧଓ͢Δʹ͸

32. - ελʔτΞοϓ͸ࡒ຿ঢ়گ͕γϏΞ - มԽʹΑΔϘϥ͕Ͱ͔͍ - Ϙϥͷ͋Δ؀ڥͰɺ҆ఆతʹʮDEʯͷՁ஋ΛೝΊ ͯ΋ΒΘͳ͍ͱɺϔουΧ΢ϯτҾ͖కΊʹͳΔ Մೳੑ͕͋Δ αεςφϒϧʹܧଓ͢Δʹ͸ ࣄۀϦεΫʹඥ͍ͮͨ֬ݻͨΔγφϦΦ͕ඞཁ

33. γφϦΦ: ͓٬༷ʢ౤ࢿՈʣͷࢿۚอޢ

34. ҎԼͷޮՌ͕ݟࠐΊΔ - ΑΓʮࣗ৴ʯAssuranceΛߴΊΒΕΔ - ผͷ໨͕ೖΓɺΑΓ؂ࠪੑ͕͕͋Δ - ؂ࠪͷੜ࢈ੑ޲্

35. None

36. - ϝλσʔλ؅ཧ - σʔλιʔεͷॆ࣮ - ؂ࢹج൫ͷ؂ࢹ - ϕʔεϥΠϯͷॆ࣮ - ࣮ࡍͷςετ

    - Who watches the watchmen ࠓޙͷ՝୊

37. ←Ԡื ໘ஊˠ ←ࡶஊ DM (X): @ken5scal