Slide 1
Slide 1 text
"84ࣄۀຊ෦ίϯαϧςΟϯά෦ɹਿۚɹ৾
ηΩϡϦςΟӡ༻ͷࣗಈԽʹʂ
"844FDVSJUZ)VCࣗಈम෮ιϦϡʔγϣϯ
Slide 2
Slide 2 text
࣍
"844FDVSJUZ)VCͱ
"844FDVSJUZ)VCࣗಈम෮ιϦϡʔγϣϯͷհ
ྑ͍ͱ͜Ζ
ಋೖํ๏
म෮ΞΫγϣϯͷ࣮ߦ
τϥϒϧγϡʔςΟϯά
ΧελϚΠζํ๏
Slide 3
Slide 3 text
ҙࣄ߲
ࠓճઆ໌͢Δ༰
"844FDVSJUZ)VCࣗಈम෮ιϦϡʔγϣϯͷ
όʔδϣϯΛର
Slide 4
Slide 4 text
"844FDVSJUZ)VCͱ
ηΩϡϦςΟͷϕετϓϥΫςΟεͷνΣοΫΛߦ͍ɺ
ΞϥʔτΛू͠ɺࣗಈम෮ΛՄೳʹ͢Δ
ΫϥυηΩϡϦςΟମ੍ཧαʔϏε
Ҿ༻ɿIUUQTBXTBNB[PODPNKQTFDVSJUZIVC
Slide 5
Slide 5 text
"844FDVSJUZ)VCͷը໘
Slide 6
Slide 6 text
"844FDVSJUZ)VCͷը໘
Slide 7
Slide 7 text
ར༻ՄೳͳηΩϡϦςΟج४
ɾ"84جૅηΩϡϦςΟͷϕετϓϥΫςΟεW
ɾ$*4"84'PVOEBUJPOT#FODINBSLW
ɾ1$*%44W
Slide 8
Slide 8 text
ίϯτϩʔϧͱ
ಛఆͷϦιʔεʹର͢ΔηΩϡϦςΟνΣοΫ߲
ͨͱ͑ʜ
ɾ<&$>ͯ͢ͷ71$Ͱ71$ϑϩʔϩάهΛ
༗ޮʹ͢Δඞཁ͕͋Γ·͢
ɾ<*".>ະ༻ͷ*".Ϣʔβʔೝূใ
আ͢Δඞཁ͕͋Γ·͢
ɾ<3%4>3%4εφοϓγϣοτ
ϓϥΠϕʔτͰ͋Δඞཁ͕͋Γ·͢
Slide 9
Slide 9 text
ίϯτϩʔϧͷ
ηΩϡϦςΟج४͝ͱʹෳͷίϯτϩʔϧ͕ଘࡏ͢Δ
Slide 10
Slide 10 text
ࣗಈम෮Λ࣮͢Δʹ
"NB[PO&WFOU#SJEHFͱΈ߹ΘͤΔ
Slide 11
Slide 11 text
ࣗಈम෮Λ࣮͢Δʹ
"NB[PO&WFOU#SJEHFͱΈ߹ΘͤΔ
ઃܭͲ͏͠Α͏
؆୯ʹ࣮͍ͨ͠
Slide 12
Slide 12 text
"844FDVSJUZ)VC
ࣗಈम෮ιϦϡʔγϣϯͷհ
Slide 13
Slide 13 text
"844FDVSJUZ)VCࣗಈम෮ιϦϡʔγϣϯͱ
͋Β͔͡Ίఆٛ͞Εͨ
ରԠɾम෮ΞΫγϣϯΛ࣮ߦ͢ΔΞυΦϯ
˞ຊηογϣϯͰWΛϕʔεʹઆ໌
Slide 14
Slide 14 text
ͲͷΑ͏ͳϦιʔε͕࡞ΒΕΔ͔
ෳͷ"84αʔϏεͱΈ߹Θͤ
Ҿ༻ɿIUUQTBXTBNB[PODPNTPMVUJPOTJNQMFNFOUBUJPOTBXTTFDVSJUZIVCBVUPNBUFESFTQPOTFBOESFNFEJBUJPO
Slide 15
Slide 15 text
ࣗಈम෮ιϦϡʔγϣϯͷྑ͍ͱ͜Ζ
ɾ"844FDVSJUZ)VCͱ౷߹͍ͯ͠Δ
ɾϫϯΫϦοΫͰΫϩεΞΧϯτͷम෮͕Ͱ͖Δ
ɾम෮ͷϓϨΠϒοΫ͕͋Β͔͡Ί༻ҙ͞Ε͍ͯΔ
ɾࣗಈम෮͕Ͱ͖Δ
Slide 16
Slide 16 text
"844FDVSJUZ)VCͱ౷߹͍ͯ͠Δ
ࣗಈम෮ιϦϡʔγϣϯΛಋೖ͍ͯ͠ͳ͍ঢ়ଶ
Slide 17
Slide 17 text
"844FDVSJUZ)VCͱ౷߹͍ͯ͠Δ
ࣗಈम෮ιϦϡʔγϣϯಋೖޙ
Slide 18
Slide 18 text
ϫϯΫϦοΫͰΫϩεΞΧϯτͷम෮͕Ͱ͖Δ
ཧΞΧϯτ͔ΒϝϯόʔΞΧϯτʹम෮ࢦྩ
Slide 19
Slide 19 text
म෮ͷϓϨΠϒοΫ͕͋Β͔͡Ί༻ҙ͞Ε͍ͯΔ
"844ZTUFNT.BOBHFSͷυΩϡϝϯτ͔Β֬ೝՄೳ
Slide 20
Slide 20 text
म෮ͷϓϨΠϒοΫ͕͋Β͔͡Ί༻ҙ͞Ε͍ͯΔ
υΩϡϝϯτͷίϯςϯπʹॲཧ༰͕هࡌ
Slide 21
Slide 21 text
ࣗಈम෮͕Ͱ͖Δ
&WFOU#SJEHFϧʔϧ༗ޮԽͰࣗಈम෮0O
Slide 22
Slide 22 text
"844FDVSJUZ)VC
ࣗಈम෮ιϦϡʔγϣϯͷಋೖํ๏
Slide 23
Slide 23 text
ࣗಈम෮ιϦϡʔγϣϯͷಋೖํ๏
ͭͷ$MPVE'PSNBUJPOελοΫΛ࡞͢Δ͚ͩ
ࢀߟϦϯΫʢγϯάϧΞΧϯτ༻खॱʣɿhttps://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/deployment.html
ɹɹɹɹɹʢϚϧνΞΧϯτ༻खॱʣɿhttps://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/deployment-stackset.html
Slide 24
Slide 24 text
ࣗಈम෮ιϦϡʔγϣϯͷϚϧνΞΧϯτಋೖ
$MPVE'PSNBUJPO4UBDL4FUTΛར༻͢Δ
Ҿ༻ɿIUUQTEPDTBXTBNB[PODPNFO@VTTPMVUJPOTMBUFTUBVUPNBUFETFDVSJUZSFTQPOTFPOBXTEFQMPZNFOUTUBDLTFUIUNMTUFQTUBDLTFU
Slide 25
Slide 25 text
ࣗಈम෮ιϦϡʔγϣϯͷϚϧνϦʔδϣϯల։
$MPVE'PSNBUJPO4UBDL4FUTͷΦϓγϣϯͰઃఆ
Slide 26
Slide 26 text
աڈόʔδϣϯ͔ΒͷΞοϓάϨʔυํ๏
όʔδϣϯʹΑͬͯҟͳΔ
ɾόʔδϣϯະຬͷ߹
ɹιϦϡʔγϣϯͷΞϯΠϯετʔϧ
ɹιϦϡʔγϣϯͷΠϯετʔϧ
ɹɹ˞όʔδϣϯҎ߱ͷ߹Πϯετʔϧ࣌ͷύϥϝʔλʔ
ɹɹɹ6TFFYJTUJOH0SDIFTUSBUPS-PH(SPVQΛ:FTʹ͢Δ
ࢀߟϦϯΫɿhttps://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/update-the-solution.html
ɹɹɹɹɹɹhttps://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/uninstall-the-solution.html
Slide 27
Slide 27 text
աڈόʔδϣϯ͔ΒͷΞοϓάϨʔυํ๏
ɾόʔδϣϯҎ߱ͷ߹
ɹˠಋೖ͍ͯ͠Δ$MPVE'PSNBUJPOελοΫΛߋ৽
ɹཧΞΧϯτ༻$MPVE'PSNBUJPOελοΫΛߋ৽
ɹϝϯόʔΞΧϯτ্ͷύʔϛογϣϯߋ৽
ɹϝϯόʔΞΧϯτ༻$MPVE'PSNBUJPOελοΫΛߋ৽
ࢀߟϦϯΫɿhttps://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/update-the-solution.html
Slide 28
Slide 28 text
म෮ΞΫγϣϯͷ࣮ߦ
Slide 29
Slide 29 text
छྨͷम෮ΞΫγϣϯ
खಈम෮
PS
ࣗಈम෮
Slide 30
Slide 30 text
खಈम෮
म෮ରΛબͼʮΞΫγϣϯʯˠʮ3FNFEJBUFXJUI4)"33ʯ
Slide 31
Slide 31 text
ࣗಈम෮
&WFOU#SJEHFϧʔϧ༗ޮԽͰࣗಈम෮0O
Slide 32
Slide 32 text
म෮ޙͷ4FDVSJUZ)VCͷ݁Ռө
ϫʔΫϑϩʔɿ3&40-7&%ʹมߋ͞ΕΔ
ίϯϓϥΠΞϯεͷεςʔλεɿ͠Βͯ͘͠ө͞ΕΔ
Slide 33
Slide 33 text
म෮༰ΛΓ͍ͨ
ɾϓϨΠϒοΫҰཡ
https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-
aws/playbooks-1.html
ɾ44.υΩϡϝϯτ͔Βम෮༰Λ֬ೝͰ͖Δ
Slide 34
Slide 34 text
म෮༰ΛΓ͍ͨʢݕࡧྫʣ
4)"33&OBCMF"VUP4DBMJOH(SPVQ&-#)FBMUI$IFDLͷྫ
Ҿ༻ɿIUUQTEPDTBXTBNB[PODPNFO@VTTPMVUJPOTMBUFTUBVUPNBUFETFDVSJUZSFTQPOTFPOBXTQMBZCPPLTIUNM
Slide 35
Slide 35 text
म෮༰ΛΓ͍ͨʢݕࡧྫʣ
ʮ"VUP4DBMJOHʯͰݕࡧͯ͠ΈΔ
Slide 36
Slide 36 text
म෮༰ΛΓ͍ͨʢݕࡧྫʣ
υΩϡϝϯτͷઆ໌λϒ͔Βॲཧ֓ཁΛ֬ೝ
Slide 37
Slide 37 text
τϥϒϧγϡʔςΟϯά
Slide 38
Slide 38 text
ओͳϩά
$MPVE8BUDIϩάάϧʔϓ͔Β֬ೝ
ɹɾ404)"33
ɹɹˠ"844ZTUFNT.BOBHFSʹΑΔम෮݁Ռ
ɹɾ404)"330SDIFTUSBUPS
ɹɹˠ"844UFQ'VODUJPOTͷ࣮ߦ݁Ռ
Slide 39
Slide 39 text
ଞʹ֬ೝͨ͠ํ͕ྑ͍ͱ͜Ζ
ɾ4ZTUFNT.BOBHFS"VUPNBUJPOίϯιʔϧ
ɾ4UFQ'VODUJPOTίϯιʔϧ
ɾ-BNCEBͷίϯιʔϧ
Slide 40
Slide 40 text
τϥϒϧͱରॲྫ
<τϥϒϧ>
ࣗಈम෮ιϦϡʔγϣϯͷ$MPVE'PSNBUJPOελοΫ
࡞Ͱɺ$MPVE8BUDIϩάάϧʔϓ͕طʹଘࡏ͍ͯ͠Δ
Τϥʔ
<ରॲํ๏>
$MPVE'PSNBUJPOελοΫ࡞࣌ͷύϥϝʔλͰ
ϩάάϧʔϓͷ࠶ར༻ΛZFTʹ͢Δ
Slide 41
Slide 41 text
τϥϒϧͱରॲྫ
<τϥϒϧ>
म෮ΞΫγϣϯΛ࣮ߦ͕ͨ͠Կઃఆมߋ͞Εͳ͍ɻ
<ରॲํ๏>
ରͷίϯτϩʔϧ͕म෮ର͔Λ֬ೝ͢Δɻम෮ର
ͷ߹ϩάίϯιʔϧͰঢ়گΛ֬ೝ͢Δɻ
म෮ϓϨΠϒοΫҰཡ
https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-
aws/playbooks-1.html
Slide 42
Slide 42 text
௨ઃఆ "NB[PO4/4ʣ
4/4τϐοΫ໊ɿ404)"33@5PQJD
௨ϝοηʔδྫ
ɹɾ3FNFEJBUJPO queued for control
in account
ɹɾ3FNFEJBUJPO failed for control
in account
ɹɾ remediation was successfully invoke via AWS Systems Manager
in account
Slide 43
Slide 43 text
௨༰ͷྫʢϝʔϧʣ
{
"severity": "INFO",
"message": "22ca9bc8-0000-4c3e-8bf9-e6dba09a95ec: Remediation succeeded for AFSBP control EC2.2 in account
123456789012: See Automation Execution output for details (AwsEc2SecurityGroup sg-xxxxxxxx)”,
"
fi
nding": {
"
fi
nding_id": "19f9612c-0000-49ed-ab63-254e35a4b1aa",
"
fi
nding_description": "This AWS control checks that the default security group of a VPC does not allow inbound or outbound
traf
fi
c.",
"standard_name": "aws-foundational-security-best-practices",
"standard_version": "1.0.0",
"standard_control": "EC2.2",
"title": "EC2.2 The VPC default security group should not allow inbound and outbound traf
fi
c",
"region": "ap-northeast-1",
"account": “123456789012",
"
fi
nding_arn": “arn:aws:securityhub:ap-northeast-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/
EC2.2/
fi
nding/19f9612c-0000-49ed-ab63-254e35a4b1aa"
}
}
Slide 44
Slide 44 text
ΧελϚΠζํ๏
Slide 45
Slide 45 text
ΧελϚΠζɿ৽͍͠म෮ͷՃ
म෮ 3VOCPPL
Ճͷ͍Ͳ͜Ζ
ɾ৽͘͠Ճ͞Εͨίϯτϩʔϧ༻
ɾιϦϡʔγϣϯͰम෮ॲཧ͕ఏڙ͞Ε͍ͯͳ͍
ɹίϯτϩʔϧ༻
Slide 46
Slide 46 text
3VOCPPLՃखॱ
"844ZTUFNT.BOBHFS"VUPNBUJPO༻ͷ
3VOCPPLʢ%PDVNFOUʣ࡞
*".ϩʔϧͷ࡞
Slide 47
Slide 47 text
3VOCPPL࡞ํ๏ʢҰൠతͳํ๏ʣ
"844ZTUFNT.BOBHFSͷυΩϡϝϯτ͔Β
"VUPNBUJPO༻ͷυΩϡϝϯτΛՃ
Slide 48
Slide 48 text
3VOCPPL࡞ํ๏ʢΑΓָͳํ๏ʣ
͔Β࡞ΔΑΓυΩϡϝϯτͷΫϩʔϯ࡞ͷํ͕͓खܰ
Slide 49
Slide 49 text
3VOCPPL࡞ɿ໊લΛ͚ͭΔ
υΩϡϝϯτ໊ͷ໋໊نଇ͋Γ
4)"33
ηΩϡϦςΟج४ @
ηΩϡϦςΟج४ͷόʔδϣϯ @
ίϯτϩʔϧ
Slide 50
Slide 50 text
3VOCPPL࡞ɿೖྗύϥϝʔλઃఆ
ೖྗύϥϝʔλʹ'JOEJOHͱ"VUPNBUJPO"TTVNF3PMF
͕ඞཁ
Slide 51
Slide 51 text
3VOCPPL࡞ɿॲཧεςοϓهड़
εςοϓ໊ɿʻҙͷ໊લʼ
ΞΫγϣϯλΠϓɿʻҙͷૢ࡞ʼ
ɹˠࠓճྫͱͯ͠
ɹɹεςοϓ໊ɿ4FOE4/4
ɹɹΞΫγϣϯλΠϓɿ"84"1*ΞΫγϣϯΛݺͼग़࣮ͯ͠ߦ
ࢀߟϦϯΫʢΞΫγϣϯλΠϓҰཡʣɿhttps://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/automation-actions.html
Slide 52
Slide 52 text
3VOCPPL࡞ɿݺͼग़͢"84"1*ͷઃఆ
࣮ߦ͍ͨ͠ॲཧΛهड़͢Δ
ࢀߟϦϯΫʢ໊લۭؒͷҰཡʣɿhttps://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/index.html
Slide 53
Slide 53 text
*".ϩʔϧ࡞ɿ*".ϩʔϧͷ࡞
طଘͷ*".ϩʔϧ 40Ͱ࢝·Δͷ
Λࢀߟʹ࡞
*".ϩʔϧ໊ʹ໋໊نଇ͋Γ
403FNFEJBUF
ηΩϡϦςΟج४
ηΩϡϦςΟج४ͷόʔδϣϯ
ίϯτϩʔϧ
ɹˠྫɿ403FNFEJBUF"'4#1&$
Slide 54
Slide 54 text
*".ϩʔϧ࡞ɿ*".ϩʔϧͷઃఆ
<ࢀߟ>৴པϙϦγʔͷ"TTVNF3PMFͷڐՄʹ
ɹɹɹҎԼͷϩʔϧηογϣϯϓϦϯγύϧΛՃ
BSOBXTTUT
"DDPVOU*% BTTVNFESPMF404)"330SDIFTUSBUPS
"ENJO404)"33FYFD"VUPNBUJPO
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam:::role/SO0111-SHARR-Orchestrator-Member",
"arn:aws:sts:::assumed-role/SO0111-SHARR-Orchestrator-Admin/SO0111-SHARR-execAutomation"
]
},
"Action": "sts:AssumeRole"
}
Slide 55
Slide 55 text
࡞ྃɺࢼ͠ʹ࣮ߦ
खಈम෮Λ࣮ߦ
Slide 56
Slide 56 text
Ͳ͜Ͱࣦഊͨ͠ͷ͔ɿ4UFQ'VODUJPOT
4UFQ'VODUJPOTͷεςʔτϚγϯ
ʮ404)"330SDIFTUSBUPSʯΛ֬ೝ
Slide 57
Slide 57 text
Ͳ͜Ͱࣦഊͨ͠ͷ͔ɿ4ZTUFNT.BOBHFS
4ZTUFNT.BOBHFSͷࣗಈԽʢΦʔτϝʔγϣϯʣͷ
࣮ߦϩάΛ֬ೝ
Slide 58
Slide 58 text
ͲͷεςοϓͰࣦഊ͔ͨ͠
εςʔλε͕ࣦഊͱͳ͍ͬͯΔεςοϓ*%Λબ͢Δ
Slide 59
Slide 59 text
ରεςοϓͷΤϥʔ༰Λ֬ೝ
ࣦഊͷৄࡉ͔ΒɺݪҼΛ֬ೝ͢Δ
Slide 60
Slide 60 text
·ͱΊ
ɾ"844FDVSJUZ)VCࣗಈम෮ιϦϡʔγϣϯ
ɹɹྑ͍ͱ͜Ζɿͭͷྑ͍ͱ͜Ζ
ɹɹಋೖํ๏ɿछྨͷ$MPVE'PSNBUJPOελοΫ࡞
ɹɹ͍ํɿखಈम෮ͱࣗಈम෮ɺम෮༰ͷ֬ೝํ๏
ɹɹτϥϒϧγϡʔςΟϯάɿϩάͱίϯιʔϧͷ֬ೝ
ɹɹΧελϚΠζɿ৽͍͠म෮ͷՃ
ɹ
Slide 61
Slide 61 text
No content