これが Cloud Native な セキュリティログ分析だ (仮)
(This is Cloud Native security log analysis (tentative title))
Masayoshi Mizutani
February 11, 2018
Technology
Slides from the lightning talk given at Cookpad TechConf 2018.
Transcript
Slide 1: Masayoshi Mizutani, Infrastructure Department, Cookpad Inc. "This is Cloud Native security log analysis (tentative)" (これが Cloud Native な セキュリティログ分析だ (仮)). 2018.2.10
Slide 2: Are you doing security monitoring?
Slide 3: We are working hard at Cookpad, but as the person in charge of security there is a lot to worry about.
Those attacking us: ransomware, SQL injection, 0day attacks, XSS, mass-mailing (spray) email attacks, CSRF, drive-by download attacks, targeted attacks, security misconfigurations, password-list (credential stuffing) attacks.
What we have to protect: instances on the cloud, PaaS, the PCs employees use, the office network, email with outside parties, business systems, Active Directory, online storage, and users' data.
Slide 4: That's where SIEM comes in (Security Information and Event Manager: a product that gathers security-related logs and data and analyzes them).
Slide 6: Did you think putting in a SIEM would solve everything? Sorry!
- Fragile against configuration changes in the monitored environment
  - managing the log senders is painful, and you have to write parsers and the like
- Also poor at changes to its own configuration
  - HA setup, scale-out, licensing model, etc.
- Poor at change management and testing of rules
  - proprietary UI, manual operation
It does not get along well with cloud environments and the tools around them.
Slide 8: What do we actually want to do? Let's look back at what a SIEM does.
Slide 9: SIEM function (1): log collection and normalization
- Collect the logs and convert them into a format that is easy to process
- Line up the attributes the logs have in common (timestamp, IP address, and so on)
Slide 10: SIEM function (2): log analysis engine
- Find, among the collected logs, the ones that should become alerts
- Pattern matching, counting occurrences in the logs, and so on
Slide 11: SIEM function (3): log storage and search
- Store the collected logs appropriately
- Be able to search the collected logs for the information you need
Slide 12: SIEM function (4): alert notification and management
- When an alert fires, notify the person in charge
- Record how each alert that was sent out was handled
Slide 13: To sum up
Slide 14: Rethinking SIEM: 1. log collection and normalization, 2. log analysis engine, 3. log storage and search, 4. alert notification and management
Slide 15: We want to do this nicely, Cloud Native style.
Slide 16: Replacing each part with AWS services (+ α):
1. Log collection and normalization -> CloudWatch + Fluentd + S3 + Lambda
2. Log analysis engine -> Lambda
3. Log storage and search -> S3 + Graylog + AWS Athena
4. Alert notification and management -> PagerDuty + GHE
Slide 17: Here's what it became. This is Cloud Native security log analysis (tentative).
[Architecture diagram; labels recovered from the slide: sources are CloudWatch Logs/Events, EC2 instances and other products; Kinesis Streams; Lambda functions for log conversion, for detecting the event of a log file being placed, for rule-based alert detection and for alert notification; S3 buckets; Athena for searching logs over a long period; EC2 / Elasticsearch Service for fast, interactive search of recent logs; GHE, PagerDuty and Slack for alert notification and management, and alert investigation.]
Slide 18: Security monitoring architecture built from AWS services (+ α) (1/4): log collection and normalization
- First of all, just get the logs into S3
- Saving them before any processing prevents incidents of log loss
- Using fully managed, scalable S3 keeps the operational load down
- Log normalization is done in Lambda, so the code is under version control, has tests, and goes through CI
Slide 19: Security monitoring architecture built from AWS services (+ α) (2/4): log analysis engine
- A Lambda function that receives the "file saved to S3" event reads the logs and analyzes them
- Designing the analysis engine as loosely coupled makes it easy to scale out
- Detection engines can be attached and detached at will
- The rules, of course, are also under version control and tested
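As an added example (not code from the deck or from Cookpad), here is the shape of slides 9, 10, 18 and 19 in one Lambda-style handler: an S3 ObjectCreated event selects a parser by key prefix, each line is normalized into a record sharing `ts`, `src_ip`, `source` and `raw`, and a list of plain rule functions runs over the records. The bucket contents, the event and every log line are constructed here so the file runs offline; the key prefixes, field names, the syslog year/zone and the failed-login threshold are assumptions for the demo.

```python
"""Constructed S3-event-driven normalizer + rule engine (added example, not the deck's code)."""
import re
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed stand-in for the raw-log bucket (key -> object body). Lines are made up.
FAKE_BUCKET = {
    "logs/nginx/2018-02-10/web-01.log": "\n".join([
        '203.0.113.7 - - [10/Feb/2018:12:00:01 +0900] "GET /recipes?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [10/Feb/2018:12:00:02 +0900] "GET /recipes?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 12 "-" "sqlmap/1.2"',
        '198.51.100.9 - - [10/Feb/2018:12:00:03 +0900] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    ]),
    "logs/sshd/2018-02-10/bastion.log": "\n".join([
        "Feb 10 12:01:00 bastion sshd[1234]: Failed password for invalid user admin from 192.0.2.44 port 51000 ssh2",
        "Feb 10 12:01:01 bastion sshd[1235]: Failed password for root from 192.0.2.44 port 51001 ssh2",
        "Feb 10 12:01:02 bastion sshd[1236]: Failed password for invalid user test from 192.0.2.44 port 51002 ssh2",
        "Feb 10 12:01:05 bastion sshd[1237]: Failed password for deploy from 198.51.100.9 port 40000 ssh2",
        "Feb 10 12:01:09 bastion sshd[1238]: Accepted publickey for deploy from 198.51.100.9 port 40001 ssh2",
    ]),
}

# --- (1) collection & normalization: one parser per log family --------------------------
NGINX_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) '
    r'(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+'
)

def _nginx(line):
    m = NGINX_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")   # keeps the +0900 offset
    return {"source": "nginx", "ts": ts.astimezone(timezone.utc).isoformat(),
            "src_ip": m["ip"], "path": unquote(m["path"]), "status": int(m["status"]),
            "ua": m["ua"], "raw": line}

def _sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None
    # syslog carries no year or zone: assume the file's year and UTC (demo assumption)
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2018, tzinfo=timezone.utc)
    return {"source": "sshd", "ts": ts.isoformat(), "src_ip": m["ip"], "user": m["user"],
            "outcome": m["result"].lower(), "raw": line}

PARSERS = {"logs/nginx/": _nginx, "logs/sshd/": _sshd}   # key prefix -> parser (assumed layout)

def normalize(key, body):
    """Turn one S3 object into records that share ts/src_ip/source/raw; unparsable lines are dropped."""
    parser = next((p for prefix, p in PARSERS.items() if key.startswith(prefix)), None)
    if parser is None:
        return []
    return [r for r in (parser(l) for l in body.splitlines() if l.strip()) if r]

# --- (2) analysis engine: rules are plain generators; attach/detach by editing RULES ------
SQLI_RE = re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I)
FAILED_LOGIN_THRESHOLD = 3   # per object: counting across objects needs external state

def rule_sqli(records):
    """Pattern match on the URL-decoded request path."""
    for r in records:
        if r["source"] == "nginx" and SQLI_RE.search(r["path"]):
            yield {"rule": "web.sqli_pattern", "src_ip": r["src_ip"], "ts": r["ts"], "evidence": r["raw"]}

def rule_ssh_failed_logins(records):
    """Count-based rule: too many failed sshd logins from one source IP."""
    fails = Counter(r["src_ip"] for r in records if r["source"] == "sshd" and r["outcome"] == "failed")
    for ip, n in fails.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            first = next(r["ts"] for r in records if r["src_ip"] == ip and r.get("outcome") == "failed")
            yield {"rule": "ssh.failed_logins", "src_ip": ip, "ts": first, "count": n}

RULES = [rule_sqli, rule_ssh_failed_logins]

def fetch_object(bucket, key):
    """Stand-in for boto3 get_object(...)['Body'].read(); reads the constructed bucket."""
    return FAKE_BUCKET[key]

def handler(event, context=None):
    """Lambda entry point for an S3 ObjectCreated notification: normalize, then run every rule."""
    alerts = []
    for rec in event["Records"]:
        bucket, key = rec["s3"]["bucket"]["name"], rec["s3"]["object"]["key"]
        records = normalize(key, fetch_object(bucket, key))
        for rule in RULES:
            alerts.extend(rule(records))
    return alerts

# Constructed event in the shape Lambda receives from an S3 bucket notification.
SAMPLE_EVENT = {"Records": [{"s3": {"bucket": {"name": "seclog-raw"}, "object": {"key": k}}}
                            for k in FAKE_BUCKET]}

if __name__ == "__main__":
    for alert in handler(SAMPLE_EVENT):
        print(alert)
```

Two design points worth noticing: every rule sees the same normalized records, so a rule never needs to know which product produced the line, and each invocation only sees one object, so a threshold rule like the sshd one is blind to an attacker who spreads attempts across many files; for that, the count has to live outside the function (a table keyed by source IP with a time window), which is the kind of state the loosely coupled design on slide 19 has to provide explicitly.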
Slide 20: Security monitoring architecture built from AWS services (+ α) (3/4): log storage and search
- For the initial investigation when an alert is first raised, search freely in Graylog and pull out the logs you need
- When an alert turns out to span a long period, use Athena to search a large volume of logs and quickly investigate back into the past
Slide 21: Security monitoring architecture built from AWS services (+ α) (4/4): alert notification and management
- Operators are notified via PagerDuty and Slack
- At the same time as the notification, an issue is created on GitHub Enterprise as a ticket, so information about the alert investigation is managed in one place
- In addition, a Lambda function automatically looks up information related to the alert from external sites and summarizes it into the ticket
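As an added example (not the deck's or Cookpad's code), the notification and ticketing step from slide 21 with the one property a practitioner wants from it: idempotency. A fingerprint (rule + source IP + UTC day, an assumption for the demo) decides whether an alert opens a new GHE issue or is appended to an existing open one, and the same fingerprint is used as the PagerDuty `dedup_key` so repeats merge into one incident. GHE is an in-memory stand-in, the enrichment table is constructed, and the PagerDuty/Slack payloads are built but not sent, so this runs offline.

```python
"""Fingerprinted alert dispatch to a ticket + PagerDuty + Slack (added example, not the deck's code)."""
import hashlib
import json

# Constructed stand-in for "related information looked up from external sites".
ENRICHMENT = {"192.0.2.44": "appears on the constructed sample blocklist"}


def fingerprint(alert):
    """Stable identity of 'the same alert' for the demo: rule, source IP and UTC day."""
    key = f'{alert["rule"]}|{alert["src_ip"]}|{alert["ts"][:10]}'
    return hashlib.sha256(key.encode()).hexdigest()[:16]


class FakeGHE:
    """In-memory replacement for the GHE issues API (hypothetical; real code calls the REST API)."""
    def __init__(self):
        self.issues = {}          # fingerprint -> issue dict
        self._next_number = 1

    def find_open(self, fp):
        issue = self.issues.get(fp)
        return issue if issue and issue["state"] == "open" else None

    def create(self, fp, title, body):
        issue = {"number": self._next_number, "title": title, "body": body,
                 "comments": [], "state": "open"}
        self._next_number += 1
        self.issues[fp] = issue   # a closed issue for the same fp is replaced by the new one
        return issue

    def comment(self, issue, text):
        issue["comments"].append(text)


def pagerduty_event(alert, fp, routing_key="<integration-key>"):
    """Events API v2 trigger; dedup_key makes PagerDuty merge repeats into one incident."""
    return {"routing_key": routing_key, "event_action": "trigger", "dedup_key": fp,
            "payload": {"summary": f'{alert["rule"]} from {alert["src_ip"]}',
                        "source": "seclog-lambda", "severity": "warning",
                        "timestamp": alert["ts"], "custom_details": alert}}


def dispatch(alert, ghe):
    """Create-or-update the ticket, then return what was done plus the payloads to send."""
    fp = fingerprint(alert)
    detail = json.dumps(alert, indent=2, sort_keys=True)
    note = ENRICHMENT.get(alert["src_ip"], "no enrichment hit")
    issue = ghe.find_open(fp)
    if issue is None:
        title = f'[{alert["rule"]}] {alert["src_ip"]} ({alert["ts"][:10]})'
        issue = ghe.create(fp, title, f"First seen {alert['ts']}\nEnrichment: {note}\n\n{detail}")
        action = "created"
    else:
        ghe.comment(issue, f"Seen again at {alert['ts']}\n\n{detail}")
        action = "appended"
    slack = {"text": f'[{alert["rule"]}] {alert["src_ip"]} -> GHE issue #{issue["number"]}'}
    return {"action": action, "issue": issue["number"], "fingerprint": fp,
            "pagerduty": pagerduty_event(alert, fp), "slack": slack}


if __name__ == "__main__":
    ghe = FakeGHE()
    a = {"rule": "ssh.failed_logins", "src_ip": "192.0.2.44",
         "ts": "2018-02-10T12:01:00+00:00", "count": 3}
    print(dispatch(a, ghe)["action"])                                        # created
    print(dispatch(dict(a, ts="2018-02-10T12:30:00+00:00"), ghe)["action"])  # appended
```

The fingerprint is where the security judgement sits: too coarse (rule only) and distinct attackers share a ticket, too fine (every timestamp) and one noisy source opens hundreds of issues and pages every time. Closing the issue ends its lifetime, so the next occurrence opens a fresh ticket rather than silently reviving an old one.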
Slide 23: What actual operations look like.
Slide 24: Benefits of building security monitoring Cloud Native:
(1) Using managed services reduces operational wear and tear
(2) You can take the best parts of existing services
(3) It fits well with code change management, tests and CI
Slide 25: Thank you