Managing Deep Security on Microsoft Azure. Log Analytics/Visualization
TRANSCRIPT
![Page 1: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/1.jpg)
2016/07/07 Deep Security User Night #3
Jun Kudo (くどうじゅん)
Managing Deep Security on Microsoft Azure: Log Analytics/Visualization
![Page 2: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/2.jpg)
Can Deep Security be operated on Azure?
![Page 3: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/3.jpg)
Work in the Manager from a browser
![Page 4: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/4.jpg)
Let's operate it with Azure as the foundation
![Page 5: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/5.jpg)
It is available in the Marketplace
It cannot be used from the Japan Marketplace
![Page 6: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/6.jpg)
Right, logs... let's try OMS
![Page 7: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/7.jpg)
Operations Management Suite
![Page 8: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/8.jpg)
Log Analytics
![Page 9: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/9.jpg)
Have OMS collect the DS logs
![Page 10: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/10.jpg)
Windows/Linux
Logging
Logging / OMS
Like this, woohoo!
Alert
![Page 11: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/11.jpg)
Setup is easy
![Page 12: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/12.jpg)
DS writes to syslog
![Page 13: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/13.jpg)
fluentd
![Page 14: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/14.jpg)
```powershell
# Minimal UDP syslog receiver (slide 14): Deep Security sends syslog to this host on UDP 5141,
# and every message is appended to a text file that the OMS agent collects as a custom log.
$Udp = New-Object Net.Sockets.UdpClient -ArgumentList 5141
$Sender = $null

# Facility and severity names, indexed by the values encoded in the syslog PRI field.
# The facility list keeps the slide's names; RFC 3164 calls 3 "daemon", 4 "auth",
# 9 "cron" and 15 "clock", so those four labels differ from the standard numbering.
Add-Type -TypeDefinition @"
public enum Syslog_Facility {
    kern, user, mail, system, security, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp,
    logaudit, logalert, cron, local0, local1, local2, local3, local4, local5, local6, local7
}
"@
Add-Type -TypeDefinition @"
public enum Syslog_Severity {
    Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug
}
"@

while ($true) {
    # Drain every datagram that is waiting; receiving only one per poll interval would
    # overflow the socket buffer and drop events when DS sends a burst.
    while ($Udp.Available -gt 0) {
        $Buffer = $Udp.Receive([ref]$Sender)
        $MessageString = [Text.Encoding]::UTF8.GetString($Buffer)

        # PRI is "<N>" at the very start of the message: facility = N / 8, severity = N % 8.
        # Anchor the match so a ">" inside the event text is never mistaken for the PRI.
        $Severity = "Unknown"
        if ($MessageString -match '^<(\d{1,3})>') {
            $Priority = [int]$Matches[1]
            [int]$FacilityInt = [Math]::Truncate([decimal]($Priority / 8))
            $Facility = [Enum]::ToObject([Syslog_Facility], $FacilityInt)
            [int]$SeverityInt = $Priority - ($FacilityInt * 8)
            $Severity = [Enum]::ToObject([Syslog_Severity], $SeverityInt)
            $MessageString = $MessageString.Substring($Matches[0].Length)
        }

        # Append the severity name so it can be searched in OMS, then write the line as UTF-8:
        # the OMS agent reads custom logs as ASCII/UTF-8, whereas ">>" in Windows PowerShell
        # writes UTF-16.
        $MessageString = "$MessageString $Severity"
        Add-Content -Path c:\temp\syslog.log -Value $MessageString -Encoding UTF8
    }
    [Threading.Thread]::Sleep(500)
}
```

Launch it without a console window: `powershell -WindowStyle Hidden syslog.ps1`

Receiving syslog with PowerShell
![Page 15: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/15.jpg)
In OMS, use a custom log
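The three slides above form one pipeline: DS writes syslog, the PowerShell script decodes the PRI field and appends each message to a file, and OMS ingests that file as a custom log. The following is an added example, not code from the talk, written in Python so the parsing logic can be checked off the Windows host: it performs the same PRI arithmetic (facility = PRI / 8, severity = PRI % 8) with the validation the one-liner lacks (anchored PRI match, range check, RFC 3164's user.notice fallback for a missing PRI), splits the BSD header into timestamp, host and message, and emits one JSON object per line, which is the shape Log Analytics custom logs split on. The facility table uses RFC 3164 names, and the sample lines are constructed for this demonstration, not real Deep Security output.

```python
"""Decode the syslog PRI field and split an RFC 3164 header into fields (added example)."""
import json
import re
from typing import Dict, List, Tuple

# RFC 3164 facility numbering (0-23) and severity numbering (0-7).
FACILITIES: List[str] = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
    "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES: List[str] = [
    "Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug",
]

# PRI is anchored to the start and limited to 1-3 digits; a greedy "<.*>" would also
# swallow any ">" that appears later in the event text.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# BSD header: "Mmm dd hh:mm:ss HOSTNAME rest-of-message" (single-digit days are space padded).
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$",
    re.S,
)

# RFC 3164 section 4.3.3: a message without a valid PRI is treated as user.notice.
DEFAULT_PRI = 13
MAX_PRI = 23 * 8 + 7  # 191


def decode_pri(pri: int) -> Tuple[str, str]:
    """Return (facility, severity) names for a PRI value in 0..191."""
    if not 0 <= pri <= MAX_PRI:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog(line: str) -> Dict[str, object]:
    """Parse one syslog line into a flat record; never raises on malformed input."""
    record: Dict[str, object] = {"raw": line}
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m else None
    body = line[m.end():] if m else line
    if pri is None or pri > MAX_PRI:
        # Missing or out-of-range PRI: keep the message, flag it, and fall back to user.notice.
        record["pri_invalid"] = True
        pri = DEFAULT_PRI
    record["facility"], record["severity"] = decode_pri(pri)
    h = HEADER_RE.match(body)
    if h:
        record["timestamp"] = h["timestamp"]
        record["host"] = h["host"]
        record["message"] = h["rest"]
    else:
        record["message"] = body
    return record


def to_oms_line(line: str) -> str:
    """One JSON object per line, so each record is one custom-log entry in OMS."""
    return json.dumps(parse_syslog(line), ensure_ascii=False)


# Constructed sample input for the demonstration (not real Deep Security output).
SAMPLE_LINES = [
    "<134>Jul  7 10:15:32 dsm-host flow 10.0.0.5 -> 10.0.0.9 <blocked>",
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<999>Jul  7 10:16:00 dsm-host bogus priority",
    "no PRI at all on this line",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(to_oms_line(sample))
```

Because the receiver on the Windows side appends plain text, the same checks matter there: anchor the PRI match, and do not assume every datagram carries a well-formed PRI.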
![Page 16: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/16.jpg)
Once OMS can collect them
![Page 17: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/17.jpg)
Alerts in OMS
![Page 18: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/18.jpg)
Let's go one step further
![Page 19: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/19.jpg)
Alert Notification
Alert Management
Logging
Alert / Logging / OMS
Alerts, woohoo!
Log Visualize
![Page 20: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/20.jpg)
Visualization
![Page 21: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/21.jpg)
Logging
Event Hub / Stream Analytics
Log Visualize
HDInsight (Storm/Kafka)
Visualize
Log Visualize
![Page 22: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/22.jpg)
Think...
![Page 23: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/23.jpg)
Logging
DevOpsSec
SQL Server
HDInsight (Hive)
Event Hub / Azure ML
Rules Update
Web API
![Page 24: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/24.jpg)
About me
Jun Kudo (くどうじゅん), Solution Architect, cloudpack division, iret, Inc.
Affiliations: LOCAL (general incorporated association), Hokkaido Information Security Study Group / Edomae Security Study Group, ALS/LinuxCon/ContainerCon (this year: 7/13-15), OSC Hokkaido executive committee / ISOC-JP; various Azure/AWS things
facebook: @level69 / twitter: @jkudo
![Page 25: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization](https://reader030.vdocuments.mx/reader030/viewer/2022032613/5873bea81a28abbc788b5f9d/html5/thumbnails/25.jpg)
See you!