Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
これが Cloud Native な セキュリティログ分析だ (仮)
Search
Masayoshi Mizutani
February 11, 2018
Technology
7
3.4k
これが Cloud Native な セキュリティログ分析だ (仮)
Cookpad techconf 2018のLTで講演した資料です
Masayoshi Mizutani
February 11, 2018
Tweet
Share
More Decks by Masayoshi Mizutani
See All by Masayoshi Mizutani
システム・サービス運用におけるセキュリティ監視の近代的アプローチ /advnet2025-modern-secmon
mizutani
0
61
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
mizutani
9
5.3k
MCPの基礎とUbieにおける活用事例 /ubie-mcp
mizutani
3
2.5k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
mizutani
9
3.1k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
mizutani
2
890
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
mizutani
0
950
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
mizutani
7
4.7k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
mizutani
0
760
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
mizutani
1
1.2k
Other Decks in Technology
See All in Technology
Large Vision Language Modelを用いた 文書画像データ化作業自動化の検証、運用 / shibuya_AI
sansan_randd
0
110
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
sagara
0
210
多野優介
tanoyusuke
1
440
GA technologiesでのAI-Readyの取り組み@DataOps Night
yuto16
0
270
OCI Network Firewall 概要
oracle4engineer
PRO
1
7.8k
AI Agentと MCP Serverで実現する iOSアプリの 自動テスト作成の効率化
spiderplus_cb
0
500
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
930
Why Governance Matters: The Key to Reducing Risk Without Slowing Down
sarahjwells
0
110
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
po3rin
2
250
生成AIを活用したZennの取り組み事例
ryosukeigarashi
0
200
about #74462 go/token#FileSet
tomtwinkle
1
330
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
170
Featured
See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
It's Worth the Effort
3n
187
28k
Building Applications with DynamoDB
mza
96
6.6k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
850
Side Projects
sachag
455
43k
Designing Experiences People Love
moore
142
24k
Unsuck your backbone
ammeep
671
58k
What's in a price? How to price your products and services
michaelherold
246
12k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
32
2.2k
Fireside Chat
paigeccino
40
3.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
114
20k
A better future with KSS
kneath
239
17k
Transcript
ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩάੳͩ (Ծ) Cookpad Inc
2018.2.10
ηΩϡϦςΟࢹ ͬͯ·͔͢ʁ 2
CookpadͰؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ
ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥυ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀγεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚ΕͳΒͳ͍ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷใ
4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α
5
SIEMΛஔ͚શ෦ղܾͩͱࢥͬͯͨʁ ೦ʂ ɾࢹରͷڥͷߏมߋʹऑ͍ ɾ ϩάૹ৴ݩͷཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗͷߏมߋۤख ɾ HAઃఆɺεέʔϧΞτɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋཧςετ͕ۤख ɾ
ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥυڥؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍
7
ͦͦԿ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ
SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͍͢͠ܗࣜʹม͢Δ ɾڞ௨͢Δϩάͷଐੑʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά
SIEMͷػೳ (2) 10 ϩάͷੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔͷΛݟ͚ͭΔ ɾύλʔϯϚονϩάͷ্͑͛ͳͲ ϩά ϩά ϩά
SIEMͷػೳ (3) 11 ϩάͷอɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛదʹอ͢Δ ɾूΊͨϩά͔ΒඞཁͳใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲
SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠߹ɺ୲ऀʹ௨͢Δ ɾ௨ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه͢Δ ηΩϡϦςΟ୲
·ͱΊΔͱ 13
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 14
SIEMͷػೳ
Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 16
AWSͷαʔϏε + α Ͱସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ
͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis
Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά·ͣ4ʹ͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ-BNCEBΛͬͯίʔ υཧˍςετΛॻ͍ͯ$*
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠ੳ w ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞτ w ݕΤϯδϯͷBUUBDIEFUBDIࣗ༝ࣗࡏ w ͪΖΜϧʔϧίʔυཧˍςετ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈࠪ(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕ظؒʹ͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ߹ɺ"UIFOB ΛͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝͳௐ͕ࠪՄೳ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼཧ w ΦϖϨʔλͷ௨1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞͠ɺΞϥʔτͷௐࠪʹؔ͢ΔใΛ ूதཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ
ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ
Cloud Nativeʹ ηΩϡϦςΟࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফΛ͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋཧˍςετʴCIͱ૬ੑ͕ྑ͍
Thank you 25