Upgrade to Pro — share decks privately, control downloads, hide ads and more …

これが Cloud Native な セキュリティログ分析だ (仮)

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Masayoshi Mizutani Masayoshi Mizutani
February 11, 2018
Technology
7
3.4k

これが Cloud Native な セキュリティログ分析だ (仮)

Cookpad techconf 2018のLTで講演した資料です

Avatar for Masayoshi Mizutani

Masayoshi Mizutani

February 11, 2018
Tweet

More Decks by Masayoshi Mizutani

See All by Masayoshi Mizutani
システム・サービス運用におけるセキュリティ監視の近代的アプローチ /advnet2025-modern-secmon
Avatar for Masayoshi Mizutani mizutani
0
87
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
Avatar for Masayoshi Mizutani mizutani
9
5.7k
MCPの基礎とUbieにおける活用事例 /ubie-mcp
Avatar for Masayoshi Mizutani mizutani
4
2.8k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
Avatar for Masayoshi Mizutani mizutani
9
3.2k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
Avatar for Masayoshi Mizutani mizutani
2
1k
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
Avatar for Masayoshi Mizutani mizutani
0
990
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
Avatar for Masayoshi Mizutani mizutani
7
4.8k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
Avatar for Masayoshi Mizutani mizutani
0
780
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
Avatar for Masayoshi Mizutani mizutani
1
1.2k

Other Decks in Technology

See All in Technology
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
15
400k
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
Avatar for TonyTonyKun thara0402
0
130
プロポーザルに込める段取り八分
Avatar for ShoheiMitani shoheimitani
0
100
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1k
usermode linux without MMU - fosdem2026 kernel devroom
Avatar for Hajime Tazaki thehajime
0
210
CDK対応したAWS DevOps Agentを試そう_20260201
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
1
170
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
Avatar for SansanTech sansantech
PRO
1
180
MCPでつなぐElasticsearchとLLM - 深夜の障害対応を楽にしたい / Bridging Elasticsearch and LLMs with MCP
Avatar for Sashimimochi sashimimochi
0
130
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3k
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
1.9k
AI時代、1年目エンジニアの悩み
Avatar for JINYOUNG KIM jin4
1
160

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
21k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
54
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
170
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
150
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
Avatar for UX Y'all uxyall
0
160
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
120
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
110
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.6k
Done Done
Avatar for chrislema chrislema
186
16k
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
62

Transcript

  1. ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩά෼ੳͩ (Ծ) Cookpad Inc

    2018.2.10

  2. ηΩϡϦςΟ؂ࢹ ΍ͬͯ·͔͢ʁ 2

  3. CookpadͰ΋ؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲౰͸ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜ΢ΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ

    ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥ΢υ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀ຿γεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚Ε͹ͳΒͳ͍෺ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷ৘ใ

  4. 4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯ෼ੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α

  5. 5

  6. SIEMΛஔ͚͹શ෦ղܾͩͱࢥͬͯͨʁ ࢒೦ʂ ɾ؂ࢹର৅ͷ؀ڥͷߏ੒มߋʹऑ͍ ɾ ϩάૹ৴ݩͷ؅ཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗ਎ͷߏ੒มߋ΋ۤख ɾ HAઃఆɺεέʔϧΞ΢τɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋ؅ཧ΍ςετ͕ۤख ɾ

    ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥ΢υ؀ڥ΍ؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍

  7. 7

  8. ͦ΋ͦ΋Կ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ

  9. SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͠΍͍͢ܗࣜʹม׵͢Δ ɾڞ௨͢Δϩάͷଐੑ஋ʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά

  10. SIEMͷػೳ (2) 10 ϩάͷ෼ੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔ΋ͷΛݟ͚ͭΔ ɾύλʔϯϚον΍ϩάͷ਺্͑͛ͳͲ ϩά ϩά ϩά

  11. SIEMͷػೳ (3) 11 ϩάͷอ؅ɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛద੾ʹอ؅͢Δ ɾूΊͨϩά͔Βඞཁͳ৘ใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲౰

  12. SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼ؅ཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠৔߹ɺ୲౰ऀʹ௨஌͢Δ ɾ௨஌ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه࿥͢Δ ηΩϡϦςΟ୲౰

  13. ·ͱΊΔͱ 13

  14. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 14

    SIEMͷػೳ

  15. Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15

  16. SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷ෼ੳΤϯδϯ 3. ϩάͷอ؅ɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼ؅ཧ 16

    AWSͷαʔϏε + α Ͱ୅ସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ

  17. ͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  18. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis

    Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά͸·ͣ4ʹ౤͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ๷͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ࢖͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ͸-BNCEBΛ࢖ͬͯίʔ υ؅ཧˍςετΛॻ͍ͯ$*

  19. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷ෼ੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠෼ੳ w ෼ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞ΢τ w ݕ஌ΤϯδϯͷBUUBDIEFUBDI΋ࣗ༝ࣗࡏ w ΋ͪΖΜϧʔϧ΋ίʔυ؅ཧˍςετ

  20. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอ؅ɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈ૞ࠪ͸(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕௕ظؒʹ౉͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ৔߹ɺ"UIFOB Λ࢖ͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝ଎ͳௐ͕ࠪՄೳ

  21. AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟ؂ࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream

    Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼ؅ཧ w ΦϖϨʔλ΁ͷ௨஌͸1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞੒͠ɺΞϥʔτͷௐࠪʹؔ͢Δ৘ใΛ ूத؅ཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈৘ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ

  22. ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩά෼ੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ

    ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ஌ Ξϥʔτͷൃใ ϩάͷม׵ EC2 Elasticsearch Service ߴ଎ͰΠϯλϥΫςΟϒͳ ୹ظతϩάͷݕࡧ ௕ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾ؅ཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ

  23. 23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ

  24. Cloud Nativeʹ ηΩϡϦςΟ؂ࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফ໣Λ๷͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋ؅ཧˍςετʴCIͱ૬ੑ͕ྑ͍

  25. Thank you 25