‹#› Kosho Owa, Solutions Architect, Elastic September 6, 2016 Product Update Elastic{ON} Seminar Tokyo

2 Elastic Cloud Security X-Pack Kibana User Interface Elasticsearch Store, Index,
 & Analyze Ingest Logstash Beats + Elastic Stack Introducing the Elastic Stack, X-Pack, and Cloud Alerting Monitoring Reporting Graph

Ingest 3

Beats: ElasticsearchͷͨΊͷσʔλγούʔ 4 Filebeat ϩάऩूΤʔδΣϯτͷ࣍ੈ୅ελϯμʔυ Winlogbeat 8JOEPXTγεςϜɺΞϓϦέʔγϣϯɺηΩ ϡϦςΟϩά Metricbeat "QBDIF .POHP%# .Z42- /HJOY 3FEJT ;PPLFFQFSɺ04ͳͲͷϝτϦοΫ Packetbeat )551 .Z42- $BTTBOESB %/4ͳͲͷωοτ ϫʔΫύέοτΛϦΞϧλΠϜͰղੳ Libbeat ΧελϜzCFBUTz։ൃ༻ϥΠϒϥϦʔ

Logstash: σʔλऩूɾՃ޻ϓϩάϥϜ 5 ϓϥάΠϯ σʔλऩूͱॲཧͷͨΊͷҎ্ͷϓϥάΠ ϯ ΤϯϦονϝϯτ ϩάɺηϯαʔσʔλɺιʔγϟϧετϦʔϜɺ σʔλετΞͳͲΛΠϯϓοτͱ͠ɺ &MBTUJDTFBSDIͱͷ࿈ܞʹΑΓೖྗσʔλʹ৘ ใΛ෇Ճ ϞχλϦϯά API ϦϞʔτ͔ΒϘτϧωοΫ΍ύϑΥʔϚϯεଌ ఆͷͨΊͷΠϯλʔϑΣΠε .POJUPSJOHʹ౷߹༧ఆ

Store, Index and Analyze 6

Elasticserach: σʔλετΞɺΠϯσοΫεɺ෼ੳ 7 ෼ࢄܕͰ
 εέʔϥϒϧ ճ෮ੑ͕͋ΓߴՄ༻ੑɺεέʔϧΞ΢τΛલఏ ͱͨ͠੡඼σβΠϯ ߏ଄ɺඇߏ଄σʔλΛΠϯσοΫε ։ൃऀ ϑϨϯυϦʔ εΩʔϚϨε Ϛϧνςφϯτ ๛෋ͳΫϥΠΞϯτϥΠϒϥϦ ݕࡧͱ෼ੳ ϦΞϧλΠϜ શจݕࡧ (FP "HHSFHBUJPO ଟݴޠʹରԠ

Cluster Ingest Node: ϩάՄࢹԽͰ͸Logstash͕ෆཁʹ 8 Data node Master node Data node Data node Master node Master node Data node Data node Client node Ingest node Filebeat Kibana N ew in V5

Friendly Index Management APIs: ΠϯσοΫε؅ཧAPI 9 POST logs_write/_rollover { "conditions": { "max_age": "7d", "max_docs": 1000 } } POST src_index/_shrink/dest_index { "settings": { "index.number_of_replicas": 1, "index.number_of_shards": 1 }, "aliases": { "my_search_indices": {} } } POST twitter/_delete_by_query { "query": { "match": { "message": "some message" } } } Rollover Index Shrink Index Delete by Query N ew in V5 ӡ༻ίετͷ࡟ݮʹߩݙ͠·͢

• Ϋϥελʔ਍அ • ࠶ΠϯσοΫε • ഇࢭ༧ఆAPIͷ࢖༻Λه࿥ Migration Helper: 2.x͔ΒͷҠߦΛखॿ͚ 10 N ew in V5 ϓϩϑΣογϣφϧαʔϏε΋͝ར༻Լ͍͞

User Interface 11

Kibana: ՄࢹԽͱ୳ࡧ 12 ൃݟͱಎ࡯ σʔλΛ୳ࡧɺنଇੑΛൃݟͲͷΑ͏ͳϨϕϧ ΁΋υϦϧμ΢ϯ &MBTUJDTFBSDIͷύϫϑϧͳ෼ੳػೳΛར༻ ߏ଄ɺඇߏ଄σʔλ ΧελϚΠζ ͦͯ͠ڞ༗ όʔνϟʔτɺંΕઢάϥϑɺ෼෍ਤɺ஍ਤɺ ώετάϥϜ μογϡϘʔυΛΛγΣΞ͠ɺӡ༻ϫʔΫϑϩ ʔʹ૊ΈࠐΈ Elastic Stack ΁ͷೖΓޱ ՄࢹԽͷͨΊͷ౷Ұతͳ6* &MBTUJD4UBDLͷӡ༻؅ཧ ϓϥάΠϯՄೳͳΞʔΩςΫνϟͰɺಠࣗͷΞ ϓϦέʔγϣϯ͕࡞੒Մೳ

Redesigned UI: ৽͘͠ͳͬͨUI ϑϥοτͳϓϥάΠϯΞΫηε X-Packͱͷ౷߹ 13 N ew in V5

CSV Upload 1GB·ͰͷCSVϑΝΠϧΛμΠϨ ΫτʹΠϯϙʔτ 14 N ew in V5

X-Pack 15

X-Pack: Elastic Stackͷ෇ՃՁ஋ػೳ 16 \ SECURITY ANALYTICS LOG ANALYTICS METRICS ANALYTICS OPERATIONAL ANALYTICS EMBEDDED SEARCH APPLICATION SEARCH lock down your data and monitor access get notified when something changes in your data monitor the health of your Elasticsearch cluster(s) explore meaningful relationships in your data generate PDF reports to share your insights Security Alerting Monitoring Graph Analytics Reporting

Security: ҉߸ԽͱϩʔϧϕʔεͷΞΫηε੍ޚ ҉߸Խ • KibanaɺElasticsearchͷΤϯυϙΠ ϯτ΁ͷHTTPS௨৴ • Ϋϥελʔ಺ͷ௨৴ ΞΫηε੍ޚ • ID/PasswordʹΑΔϢʔβೝূ • ωΠςΟϒɺLDAPɺAD࿈ܞ • KibanaͷϩάΠϯμΠΞϩά • ϩʔϧ͝ͱʹΠϯσοΫεɺAPI΁ͷ ΞΫηεΛ੍ݶ 17

Security thru Kibana: ωΠςΟϒϢʔβ؅ཧ Kibana͔ΒϢʔβɺϩʔϧΛ؅ཧ Ϣʔβຖͷύεϫʔυมߋػೳ 18 N ew in V5

Alerting - σʔλͷมԽΛ௨஌ 19 1 2 3 εέδϡʔϧ ίϯσΟγϣϯ ΞΫγϣϯ w ಛఆͷ࣌ؒ w Πϯλʔόϧ w $SPOUBCॻࣜ w ͢΂ͯͷΫΤϦʔͱ
 "HHSFHBUJPO w ෳ਺ͷσʔλιʔε w ϝʔϧ w ΢ΣϒϑοΫ w 4MBDL w ΠϯσοΫε w ϩά w ͳͲ

Monitoring - ΫϥελʔɺϊʔυɺΠϯσοΫεͷ؂ࢹ • ElasticsearchΫϥελʔɺϊʔυɺ ΠϯσοΫεͷϝτϦοΫΛϦΞϧ λΠϜͰ؂ࢹ • ӡ༻্ͷ܏޲Λ೺Ѳɺ໰୊Λൃݟ • ΫϥελʔɺΞϓϦέʔγϣϯͷ࠷ దԽ • ΩϟύγςΟϓϥχϯά 20

Graph - σʔλؒͷؔ܎ΛՄࢹԽ • Elasticsearchͷsearch΍relevancyͷػ ೳΛ࢖༻ͯ͠ҙຯͷ͋Δؔ܎Λൃݟ • طଘͷΠϯσοΫεΛར༻ • ϦΞϧλΠϜ͔ͭεέʔϥϒϧ 21

Reporting - KibanaͷDashboardΛΤΫεϙʔτ • PDF΋͘͠͸CSVΛੜ੒ • ඇKibanaϢʔβͱڞ༗ • खಈɺ΋͘͠͸Alertingͱͷ૊Έ߹Θ ͤͰεέδϡʔϧɺ΋͘͠͸ಛఆͷΠ ϕϯτ͕ൃੜͨ͠৔߹ʹ࡞੒ 22 N ew in V5 Earthquake - Depth Timeseries Earthquake - Heatmap Earthquake — Sun, Jan 1, 2006 12:00 AM to Fri, Sep 2, 2016 5:54 AM

Elastic Cloud 23

Hosted Elasticsearch & Kibana on AWS • Elasticͷ੡඼܈ͱಉظͨ͠࠷৽൛ͷఏڙ • εέʔϧΞ΢τɾΞοϓάϨʔυΛ਺ΫϦοΫͰ • ແྉͷKibanaΠϯελϯεͱ30෼͝ͱͷόοΫΞ οϓ • X-Packػೳ (Security, Alerting, Monitoring) • ݄ʑ45USD͔Β 24 Elastic Stackͷ։ൃऀʹΑΔ།Ұͷ ެࣜ Elasticsearch as a Service SLAϕʔεͷαϙʔτΦϓγϣϯ΋ఏڙ͍ͯ͠·͢

ΠϯελϯεαΠζݟੵ΋Γ࣌ͷݕ౼ࣄ߲ 25 υΩϡϝϯτݕࡧ ର৅υΩϡϝϯτ(αΠζ) Ϛοϐϯά (ݕࡧϑΟʔϧυ) ୯Ґ࣌ؒ͋ͨΓͷݕࡧ਺ औಘυΩϡϝϯτ਺ ಉ࣌઀ଓ਺ ϨΠςϯγʔ ϩάͷՄࢹԽ ϩάͷαΠζ อଘظؒ ୯Ґ࣌ؒ͋ͨΓͷ౤ೖϨίʔυ਺ Dashboardͷෳࡶ͞ KibanaϢʔβʔ਺ ۩ମతͳํ๏ͳͲɺ͝૬ஊ͍ͩ͘͞

Demo 26

27 ੈքͷ஍਒ ϝʔϧ͚͍ͪ͠ΐ͏ Graph