Upgrade to Pro — share decks privately, control downloads, hide ads and more …

これが Cloud Native な セキュリティログ分析だ (仮)

Avatar for Masayoshi Mizutani Masayoshi Mizutani
February 11, 2018
Technology
3.4k
7

これが Cloud Native な セキュリティログ分析だ (仮)

Cookpad techconf 2018のLTで講演した資料です

Avatar for Masayoshi Mizutani

Masayoshi Mizutani

February 11, 2018

More Decks by Masayoshi Mizutani

See All by Masayoshi Mizutani
生成AIの利用とセキュリティ /gen-ai-and-security
Avatar for Masayoshi Mizutani mizutani
1
2.1k
システム・サービス運用におけるセキュリティ監視の近代的アプローチ /advnet2025-modern-secmon
Avatar for Masayoshi Mizutani mizutani
0
120
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
Avatar for Masayoshi Mizutani mizutani
9
6k
MCPの基礎とUbieにおける活用事例 /ubie-mcp
Avatar for Masayoshi Mizutani mizutani
4
3.1k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
Avatar for Masayoshi Mizutani mizutani
9
3.3k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
Avatar for Masayoshi Mizutani mizutani
2
1.2k
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
Avatar for Masayoshi Mizutani mizutani
0
1.1k
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
Avatar for Masayoshi Mizutani mizutani
7
4.9k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
Avatar for Masayoshi Mizutani mizutani
0
810

Other Decks in Technology

See All in Technology
Oracle Cloud Infrastructure:2026年5月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
1
260
Javaで学ぶSOLID原則
Avatar for Negima negima
1
240
Spring Boot における​ AOT Cache 活用テクニックと​ 起動時間改善事例​
Avatar for NTTドコモソリューションズ Java担当 ntt_dsol_java
0
170
AI時代の私の技術インプットとアウトプット術
Avatar for tonkotsuboy_com tonkotsuboy_com
15
7.8k
イベントストーミングとKiroの仕様駆動開発で実現する要件の認識合わせプロセス
Avatar for syobochim syobochim
7
950
Agentic AI時代における メルカリのAIガバナンスとガードレール実装
Avatar for ichihara naoichihara
16
17k
はじめてのDatadog
Avatar for KairiM kairim0
0
220
GitHub Copilot CLIでWebアクセシビリティを改善した話
Avatar for tomokusaba tomokusaba
0
130
管理アカウント単一運用からAWS Organizationsに移行するの大変で滅
Avatar for 平目 hiramax
0
310
マーケットプレイス版Oracle WebCenter Content For OCI
Avatar for oracle4engineer oracle4engineer
PRO
5
1.7k
さきさん文庫の書籍ができるまで
Avatar for H.Saki sakiengineer
0
310
Cloud Run のアップデート 触ってみる&紹介
Avatar for Gre212 gre212
0
240

Featured

See All Featured
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
7.2k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
26k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1.5k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
130
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
270
14k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1033
470k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
940
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
58k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
180
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.9k

Transcript

  1. ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩά෼ੳͩ (Ծ) Cookpad Inc

    2018.2.10

  2. ηΩϡϦςΟ؂ࢹ ΍ͬͯ·͔͢ʁ 2

  3. CookpadͰ΋ؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲౰͸ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜ΢ΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ

    ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥ΢υ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀ຿γεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚Ε͹ͳΒͳ͍෺ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷ৘ใ

  4. 4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯ෼ੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α

  5. 5

  6. SIEMΛஔ͚͹શ෦ղܾͩͱࢥͬͯͨʁ ࢒೦ʂ ɾ؂ࢹର৅ͷ؀ڥͷߏ੒มߋʹऑ͍ ɾ ϩάૹ৴ݩͷ؅ཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗ਎ͷߏ੒มߋ΋ۤख ɾ HAઃఆɺεέʔϧΞ΢τɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋ؅ཧ΍ςετ͕ۤख ɾ

    ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥ΢υ؀ڥ΍ؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍

  7. 7

  8. ͦ΋ͦ΋Կ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ

  9. SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͠΍͍͢ܗࣜʹม׵͢Δ ɾڞ௨͢Δϩάͷଐੑ஋ʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά

  10. SIEMͷػೳ (2) 10 ϩάͷ෼ੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔ΋ͷΛݟ͚ͭΔ ɾύλʔϯϚον΍ϩάͷ਺্͑͛ͳͲ ϩά ϩά ϩά

  11. SIEMͷػೳ (3) 11 ϩάͷอ؅ɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛద੾ʹอ؅͢Δ ɾूΊͨϩά͔Βඞཁͳ৘ใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲౰

  12. SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼ؅ཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠৔߹ɺ୲౰ऀʹ௨஌͢Δ ɾ௨஌ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه࿥͢Δ ηΩϡϦςΟ୲౰

  13. ·ͱΊΔͱ 13

  14. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 14

    SIEMͷػೳ

  15. Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15

  16. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 16

    AWSͷαʔϏε + α Ͱ୅ସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ

  17. ͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  18. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis

    Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά͸·ͣ4ʹ౤͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ๷͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ࢖͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ͸-BNCEBΛ࢖ͬͯίʔ υ؅ཧˍςετΛॻ͍ͯ$*

  19. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷ෼ੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠෼ੳ w ෼ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞ΢τ w ݕ஌ΤϯδϯͷBUUBDIEFUBDI΋ࣗ༝ࣗࡏ w ΋ͪΖΜϧʔϧ΋ίʔυ؅ཧˍςετ

  20. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอ؅ɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈ૞ࠪ͸(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕௕ظؒʹ౉͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ৔߹ɺ"UIFOB Λ࢖ͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝ଎ͳௐ͕ࠪՄೳ

  21. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼ؅ཧ w ΦϖϨʔλ΁ͷ௨஌͸1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞੒͠ɺΞϥʔτͷௐࠪʹؔ͢Δ৘ใΛ ूத؅ཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈৘ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ

  22. ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  23. 23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ

  24. Cloud Nativeʹ ηΩϡϦςΟ؂ࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফ໣Λ๷͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋ؅ཧˍςετʴCIͱ૬ੑ͕ྑ͍

  25. Thank you 25