Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
これが Cloud Native な セキュリティログ分析だ (仮)
Search
Masayoshi Mizutani
February 11, 2018
Technology
7
3.3k
これが Cloud Native な セキュリティログ分析だ (仮)
Cookpad techconf 2018のLTで講演した資料です
Masayoshi Mizutani
February 11, 2018
Tweet
Share
More Decks by Masayoshi Mizutani
See All by Masayoshi Mizutani
MCPの基礎とUbieにおける活用事例 /ubie-mcp
mizutani
3
1.7k
クラウドセキュリティのベストプラクティスと実装例 /cloudsec-bestpractice-example
mizutani
9
3k
汎用ポリシー言語Rego + OPAと認可・検証事例の紹介 / Introduction Rego & OPA for authorization and validation
mizutani
2
780
Ubieにおけるセキュリティ課題管理の自動化 / ubie-sec-issue-automation
mizutani
0
890
Trivy + Regoを用いたパッケージ脆弱性管理 /trivy-rego
mizutani
7
4.6k
リモートワークを支える 社内セキュリティ基盤の構築と運用 /secueiry-for-wfh
mizutani
0
740
SOARによるセキュリティ監視業務の効率化とSecOps /soar-and-secops
mizutani
1
1.1k
Amazon Athena を使った セキュリティログ検索基盤の構築 /seclog-athena
mizutani
5
3k
Webサービス事業会社におけるEDRの検討と導入の事例 /falcon2019
mizutani
1
790
Other Decks in Technology
See All in Technology
解析の定理証明実践@Lean 4
dec9ue
0
170
OpenHands🤲にContributeしてみた
kotauchisunsun
1
420
rubygem開発で鍛える設計力
joker1007
2
190
Oracle Audit Vault and Database Firewall 20 概要
oracle4engineer
PRO
3
1.7k
PostgreSQL 18 cancel request key長の変更とRailsへの関連
yahonda
0
120
Definition of Done
kawaguti
PRO
6
480
地図も、未来も、オープンに。 〜OSGeo.JPとFOSS4Gのご紹介〜
wata909
0
110
データプラットフォーム技術におけるメダリオンアーキテクチャという考え方/DataPlatformWithMedallionArchitecture
smdmts
5
620
Amazon ECS & AWS Fargate 運用アーキテクチャ2025 / Amazon ECS and AWS Fargate Ops Architecture 2025
iselegant
16
5.3k
製造業からパッケージ製品まで、あらゆる領域をカバー!生成AIを利用したテストシナリオ生成 / 20250627 Suguru Ishii
shift_evolve
PRO
1
130
AWS アーキテクチャ作図入門/aws-architecture-diagram-101
ma2shita
29
10k
米国国防総省のDevSecOpsライフサイクルをAWSのセキュリティサービスとOSSで実現
syoshie
2
1k
Featured
See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Optimizing for Happiness
mojombo
379
70k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
A designer walks into a library…
pauljervisheath
206
24k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
BBQ
matthewcrist
89
9.7k
Making the Leap to Tech Lead
cromwellryan
134
9.3k
A better future with KSS
kneath
239
17k
Gamification - CAS2011
davidbonilla
81
5.3k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
107
19k
Transcript
ਫ୩ਖ਼ܚ ΠϯϑϥετϥΫνϟʔ෦ ͜Ε͕ Cloud Native ͳ ηΩϡϦςΟϩάੳͩ (Ծ) Cookpad Inc
2018.2.10
ηΩϡϦςΟࢹ ͬͯ·͔͢ʁ 2
CookpadͰؤு͍ͬͯ·͕͢ 3 ηΩϡϦςΟ୲ؾʹͳΔ͜ͱ͕ͨ͘͞Μ ϥϯαϜΣΞ 42-*OKFUJPO EBZ"UUBDL 944 όϥϚΩܕϝʔϧ߈ܸ $43' %SJWFCZ%PXOMPBE߈ܸ
ඪతܕ߈ܸ ηΩϡϦςΟઃఆϛε ύεϫʔυϦετܕ߈ܸ Ϋϥυ্ͷΠϯελϯε 1BB4 ࣾһ͕ར༻͢Δ1$ ΦϑΟεωοτϫʔΫ ֎෦ͱͷϝʔϧ ۀγεςϜ "DUJWF%JSFDUPSZ ΦϯϥΠϯετϨʔδ कΒͳ͚ΕͳΒͳ͍ͨͪ ߈ܸͯ͘͠Δऀͨͪ Ϣʔβͷใ
4 SIEM ʢηΩϡϦςΟؔ࿈ͷϩάɾσʔλΛ͔͖ूΊͯੳ͢ΔϓϩμΫτʣ Security Information and Event Manager ͦ͜Ͱ Ͱ͢Α
5
SIEMΛஔ͚શ෦ղܾͩͱࢥͬͯͨʁ ೦ʂ ɾࢹରͷڥͷߏมߋʹऑ͍ ɾ ϩάૹ৴ݩͷཧ͕େมɺύʔαͱ͔࡞Δඞཁ༗ ɾࣗͷߏมߋۤख ɾ HAઃఆɺεέʔϧΞτɺϥΠηϯεܗଶɺetc ɾϧʔϧͷมߋཧςετ͕ۤख ɾ
ಠࣗUIɺϚχϡΞϧૢ࡞ 6 Ϋϥυڥؔ࿈πʔϧͱ૬ੑ͕͋·ΓΑ͘ͳ͍
7
ͦͦԿ͕͍ͨ͠ͷ͔ʁ 8 SIEMͷػೳ͔ΒৼΓฦΓ
SIEMͷػೳ (1) 9 ϩάͷऩूͱਖ਼نԽ SIEM ɾϩάΛूΊͯॲཧ͍͢͠ܗࣜʹม͢Δ ɾڞ௨͢Δϩάͷଐੑʢ࣌ࠁɺ*1ΞυϨεͳͲʣΛͦΖ͑Δ ϩά ϩά ϩά
SIEMͷػೳ (2) 10 ϩάͷੳΤϯδϯ SIEM ɾूΊͨϩά͔ΒΞϥʔτʹͳΔͷΛݟ͚ͭΔ ɾύλʔϯϚονϩάͷ্͑͛ͳͲ ϩά ϩά ϩά
SIEMͷػೳ (3) 11 ϩάͷอɾݕࡧ SIEM ϩά ϩά ɾूΊͨϩάΛదʹอ͢Δ ɾूΊͨϩά͔ΒඞཁͳใΛݕࡧͰ͖Δ ηΩϡϦςΟ୲
SIEMͷػೳ (4) 12 Ξϥʔτͷൃใ͓Αͼཧ SIEM ɾΞϥʔτ͕ൃੜͨ͠߹ɺ୲ऀʹ௨͢Δ ɾ௨ͨ͠Ξϥʔτ͕ͲͷΑ͏ʹରԠ͞Ε͔ͨه͢Δ ηΩϡϦςΟ୲
·ͱΊΔͱ 13
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 14
SIEMͷػೳ
Cloud NativeͰ ྑ͍ײ͡ʹ͍ͨ͠ 15
SIEMΛ࠶ߟ͢Δ 1. ϩάͷऩूͱਖ਼نԽ 2. ϩάͷੳΤϯδϯ 3. ϩάͷอɾݕࡧ 4. Ξϥʔτͷൃใ͓Αͼཧ 16
AWSͷαʔϏε + α Ͱସͯ͠ΈΔ → CloudWatch + Fluentd + S3 + Lambdaແ → Lambdaແ → S3 + Graylog + AWS Athenaແ → PagerDuty + GHEແ
͜͏ͳͬͨ 17 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (1/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ ʜ Lambda Lambda Lambda Kinesis
Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷऩूͱਖ਼نԽ 18 w ͱʹ͔͘ϩά·ͣ4ʹ͛ࠐΉ w ॲཧͷલஈͰ·ͣอଘ͢Δ͜ͱͰϩά ଛࣦͷࣄނΛ͙ w ϑϧϚωʔδυ͔ͭεέʔϥϒϧͳ4 Λ͏͜ͱͰӡ༻ෛՙΛԼ͛Δ w ϩάͷਖ਼نԽ-BNCEBΛͬͯίʔ υཧˍςετΛॻ͍ͯ$*
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (2/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷੳΤϯδϯ 19 w 4ʹϑΝΠϧ͕อଘ͞ΕͨΠϕϯτΛ͏͚ ͱͬͨ-BNCEB'VODUJPO͕ϩάΛಡΈ ग़ͯ͠ੳ w ੳΤϯδϯΛૄ݁߹ʹઃܭ͢Δ͜ͱͰɺ ༰қʹεέʔϧΞτ w ݕΤϯδϯͷBUUBDIEFUBDIࣗ༝ࣗࡏ w ͪΖΜϧʔϧίʔυཧˍςετ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (3/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ ϩάͷอɾݕࡧ 20 w ࠷ॳʹΞϥʔτ͕ൃใ͞Εͨࡍ ͷॳಈࠪ(SBZMPHͰࣗ༝ ʹݕࡧඞཁͳϩάͷநग़ w Ξϥʔτ͕ظؒʹ͍ͬͯΔ ͜ͱ͕Θ͔ͬͨ߹ɺ"UIFOB ΛͬͯେྔͷϩάΛݕࡧͯ͠ աڈʹḪͬͨਝͳௐ͕ࠪՄೳ
AWSαʔϏεʴαͰ࡞ΔηΩϡϦςΟࢹΞʔΩςΫνϟ (4/4) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ Lambda Lambda Lambda Kinesis Stream
Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ 21 Ξϥʔτͷൃใ͓Αͼཧ w ΦϖϨʔλͷ௨1BHFS%VUZ 4MBDLΛར༻ w ൃใͱಉ࣌ʹ(JUIVC&OUFSQSJTFʹJTTVFΛν έοτͱͯ͠࡞͠ɺΞϥʔτͷௐࠪʹؔ͢ΔใΛ ूதཧ w ͞Βʹࣗಈతʹ-BNCEB͕Ξϥʔτͷؔ࿈ใΛ֎ ෦αΠτ͔Βݕࡧ͠νέοτʹ͓·ͱΊ͢Δ
ʢ࠶ܝʣ 22 ͜Ε͕ Cloud Native ͳηΩϡϦςΟϩάੳͩ (Ծ) ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ ʜ
ʜ Lambda Lambda Lambda Kinesis Stream Kinesis Stream S3 S3 S3 S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Kinesis Stream Ξϥʔτͷௐࠪ CloudWatch Logs/Event EC2 instances ͦͷଞϓϩμΫτ
23 ࣮ࡍͷΦϖϨʔγϣϯͷ༷ࢠ
Cloud Nativeʹ ηΩϡϦςΟࢹΛߏங͢ΔϝϦοτ 24 (1) ϚωʔδυαʔϏεͷར༻ʹΑΓӡ༻ͷফΛ͛Δ (2) طଘαʔϏεͷ͍͍ͱ͜औΓ͕Ͱ͖Δ (3) ίʔυมߋཧˍςετʴCIͱ૬ੑ͕ྑ͍
Thank you 25