セキュリティログ分析基盤の構築 on AWS

Transcript

1. ηΩϡϦςΟϩά෼ੳج൫ͷߏங
   PO"84
   ΫοΫύουגࣜձࣾΠϯϑϥετϥΫνϟʔ෦
   ਫ୩ਖ਼ܚ
   8FE
   
   

   View Slide

2. ࣗݾ঺հˍൃද֓ཁ
   wਫ୩ਖ਼ܚ !N@NJ[VUBOJ
   
   w ೔ຊ*#.ೖࣾ
   w ౦ژجૅݚڀॴ
   w ηΩϡϦςΟࣄۀ෦5PLZP40$
   w ΫοΫύουגࣜձࣾೖࣾ
   w ΠϯϑϥετϥΫνϟʔ෦ηΩϡϦςΟνʔϜ
   wࠓ೔ͷൃද
   
   
   ݄ʹฐࣾ5FDI$POGͷ-5Ͱ࿩ͨ͠಺༰ͷ࠷৽൛Ͱ͢
   

   View Slide

3. ηΩϡϦςΟϩά෼ੳͱ͍͑͹4*&.ɺ͔͠͠Ϋϥ΢υ্ͩͱʜ
   wϩάͷૹ৴ݩΛಈతʹ੍ޚͰ͖ͳ͍
   w ૹ৴ݩʴϩάͷܗࣜͷΤϯτϦΛ؅ཧ͢Δ"1*͕ͳ͍
   w Χλϩά্͸ࣗಈొ࿥͢Δͱݴ͍ͬͯΔ͕͏·͘௥Ճ͞Εͳ͍
   w ΠϯελϯεɾαʔϏεͷ௥Ճɾ࡟আʹରԠ͢Δͷ͕େม
   wશମߏ੒Λؾܰʹ͍͡Εͳ͍
   w ߏ଄্εέʔϧΞ΢τ͢Δ͕खಈˍࣦഊ͢Δͱഁ໓
   w εέʔϧΞ΢τͨ͠΋ͷͷதʹϩά͕࢒ΔͷͰεέʔϧΠϯෆՄ
   w ϩά͕όʔετͨ͠ͱ͖ͷରԠ͕େม
   wϧʔϧͷςετ͕೉͍͠
   w ςετͷͨΊʹෳ਺ߏ੒༻ҙ͢ΔPS࣮؀ڥͰ΍Δ
   w "1*ͳͲͳ͍ͷͰɺ౰વਓखͰؤுΔ
   w ΫΠοΫʹϧʔϧͷௐ੔͕Ͱ͖ͳ͍มߋʹΑΔαΠυΤϑΣΫτͰۤ࿑͢Δ
   
   
   ˞ҰൠԽ͞Εͨ࿩Ͱ͸ͳ͘ɺͱ͋Δ੡඼ͷܦݧʹج͍ͮͨ૝ఆͰ͢
   

   View Slide

4. ઃܭཁ݅
   wো֐΁ͷ଱ੑ
   wੑೳɿ਺ඦ(#೔ͷྲྀྔˍ༰қͳεέʔϧΞ΢τ͕Մೳ
   wมߋཤྺ؅ཧ
   w؇͍ϦΞϧλΠϜੑɿ਺෼ఔ౓ͷ஗Ԇ͸ڐ༰
   wঢ়گʹԠͨ͡ηΩϡϦςΟ෼ੳ
   w ύλʔϯ
   ೔ৗతʹൃੜ͢ΔΞϥʔτͷ෼ੳ
   w ύλʔϯ
   Πϯγσϯτൃੜ࣌ͷ௕ظ෼ੳ
   w ύλʔϯ
   ௕ظؒͷ౷ܭ৘ใऔಘ
   w෼ੳɾରԠͷࣗಈԽ
   
   
   

   View Slide

5. ΞʔΩςΫνϟ֓ཁ
   ϩάϑΝΠϧઃஔͷ
   ΠϕϯτΛݕग़
   Lambda
   Lambda
   Lambda
   Kinesis
   Stream
   S3
   S3 Athena
   ϧʔϧΛ༻͍ͨ
   Ξϥʔτͷݕ஌
   Ξϥʔτͷൃใ
   ϩάͷม׵
   EC2
   Elasticsearch
   Service
   ߴ଎ͰΠϯλϥΫςΟϒͳ
   ୹ظతϩάͷݕࡧ
   ௕ظؒʹΘͨΔ
   ϩάͷݕࡧ
   GHE PagerDuty Slack
   Ξϥʔτͷൃใɾ؅ཧ
   Ξϥʔτͷௐࠪ
   CloudWatch
   Logs/Event,
   GuardDuty,
   CloudTrail
   EC2 instances
   ͦͷଞϓϩμΫτ
   Kinesis
   Stream
   Kinesis
   Stream
   ˞ࡉ͔͍ͱ͜Ζ͸ͪΐͬͱ୺ંͬͯ·͢
   

   View Slide

6. ΞʔΩςΫνϟ֓ཁ ύʔτ෼͚
   
   ϩάϑΝΠϧઃஔͷ
   ΠϕϯτΛݕग़
   Lambda
   Lambda
   Lambda
   Kinesis
   Stream
   S3
   S3 Athena
   ϧʔϧΛ༻͍ͨ
   Ξϥʔτͷݕ஌
   Ξϥʔτͷൃใ
   ϩάͷม׵
   EC2
   Elasticsearch
   Service
   ߴ଎ͰΠϯλϥΫςΟϒͳ
   ୹ظతϩάͷݕࡧ
   ௕ظؒʹΘͨΔ
   ϩάͷݕࡧ
   GHE PagerDuty Slack
   Ξϥʔτͷൃใɾ؅ཧ
   Ξϥʔτͷௐࠪ
   EC2 instances
   ͦͷଞϓϩμΫτ
   Kinesis
   Stream
   Kinesis
   Stream
   ϩάऩूύʔτ ϩάॲཧύʔτ Ξϥʔτॲཧύʔτ
   CloudWatch
   Logs/Event,
   GuardDuty,
   CloudTrail
   

   View Slide

7. ϩάॲཧύʔτ
   
   wϑΝΠϧੜ੒Πϕϯτͷॲཧ

   4ˠ-BNCEBˠ,JOFTJT4USFBN
   
   w 4ͷ$SFBUF0CKFDUΠϕϯτΛ-BNCEBͰड͚ͯ,JOFTJT4USFBNʹྲྀ͢
   w -BNCEBʹ͸௚઀ϩά͸ྲྀͣ͞ʹ4্ͷϑΝΠϧͷΩʔͳͲ࠷௿ݶͷ
   ৘ใ͚ͩΛྲྀ͢
   w ,JOFTJT4USFBNͰΠϕϯτ৘ใΛड͚औͬͨޙଓͷ-BNCEB͕4಺ͷ
   ϑΝΠϧΛಡΈࠐΈϩάσʔλΛऔಘ͢Δ
   
   
   ϩάϑΝΠϧઃஔͷ
   ΠϕϯτΛݕग़
   Lambda
   Lambda
   Kinesis
   Stream
   ϧʔϧΛ༻͍ͨ
   Ξϥʔτͷݕ஌
   ϩάͷม׵
   Kinesis
   Stream
   

   View Slide

8. ϩάॲཧύʔτ
   
   wϩάͷม׵UP(SBZMPH
   w ,JOFTJT4USFBN͔ΒϩάϑΝΠϧઃஔͷΠϕϯτΛड͚औͬͨޙɺ
   ϑΝΠϧΛ4͔ΒಡΈऔΔˠϩάͷύʔεˠ(SBZMPH΁సૹ
   w ύʔα͸ࣗલͰ༻ҙ4ͷόέοτʴύεͰϑΥʔϚοτΛ൑ผ
   w (SBZMPHͷ(&-'ܗࣜʹม׵ͨ͠ޙ5$1Ͱసૹ
   wϩάͷม׵UP"UIFOB
   w -BNCEBͰ"UIFOBʹରԠͨ͠+40/ܗࣜʹม׵
   w (MVFΛ࢖ͬͨม׵ʹͰ͖ͳ͍͔ݕ౼த
   
   
   ϩάϑΝΠϧઃஔͷ
   ΠϕϯτΛݕग़
   Lambda
   Lambda
   Kinesis
   Stream
   ϧʔϧΛ༻͍ͨ
   Ξϥʔτͷݕ஌
   ϩάͷม׵
   Kinesis
   Stream
   

   View Slide

9. Ξϥʔτॲཧύʔτ
   w(JU)VC&OUFSQSJTF ()&
   Λ৘ใू໿ͷج఺ʹ
   w Ξϥʔτ͕ݕ஌͞ΕͨΒ()&ʹ*TTVFΛͨͯͯɺͦ͜ʹؔ࿈৘ใΛί
   ϝϯτͱͯ͠௥ه͠ूதͤ͞Δ
   wؔ࿈৘ใͷࣗಈऩू
   w 7JSVT5PUBMͰͷݕࡧɺ(SBZMPHͰͷؔ࿈ϩάͷݕࡧͳͲ͸ఆܗ࡞ۀͳ
   ͷͰࣗಈͰ()&ʹίϝϯτͤ͞Δ
   w௨஌͸ϝʔϧ4MBDL
   w ηΩϡϦςΟάϧʔϓ಺Ͱϩʔςʔγϣϯ
   
   
   Ξϥʔτͷൃใ
   GHE PagerDuty Slack
   Ξϥʔτͷௐࠪ
   Kinesis
   Stream
   

   View Slide

10. ӡ༻ͷ༷ࢠ
    
    
    

    View Slide

11. 1BHFS%VUZ͕ൃใ
    ʢϝʔϧ4MBDLʣ
    
    
    

    View Slide

12. 
    
    Ξϥʔτ͸()&ͷ
    *TTVFͱͯ͠ىථ
    

    View Slide

13. 
    
    7JSVT5PUBMͷ
    ৘ใ΋ࣗಈͰ௥ه
    

    View Slide

14. 
    
    (SBZMPH͔ΒϩάΛநग़
    ˍ
    ৽ͨͳϩά΋ࢀরͰ͖ΔΑ
    ͏ʹΫΤϦ63-Λίϝϯτ
    

    View Slide

15. 
    
    ඞཁʹԠͯ͡(SBZMPH
    ͰΞϥʔτͷৄࡉௐࠪ
    ·ͨ͸
    *OEJDBUPS͕ྲྀΕ͖ͯͨ
    ͱ͖ʹΫΠοΫʹௐࠪ
    

    View Slide

16. 
    
    ௐࠪɾ෼ੳ݁ՌΛ
    ίϝϯτͱͯ͠
    ॻ͖࢒͢͜ͱͰ
    ஌ݟΛڞ༗
    

    View Slide

17. Thank you
    
    
    

    View Slide