managing deep security on microsoft azure. log analytics/visualization

25

２０１６ / ０７ / ０７ Deep Security User Night #3 くくくくくく Managing Deep Security on Microsoft Azure Log Analytics/Visualization

Upload: jun-kudo

Post on 09-Jan-2017

479 views

Category:

Internet

1 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

２０１６ /０７ /０７Deep Security User Night #3

くどうじゅん

Managing Deep Securityon Microsoft AzureLog Analytics/Visualization

Page 2: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Deep SecurityをAzureで運用できます？

Page 3: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

ブラウザからマネージャで作業

Page 4: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Azureを基盤に運用してみよう

Page 5: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Marketplaceで用意されている

JapanのMarketplaceでは使えない

Page 6: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

そうだログ・・・OMS使ってみよう

Page 7: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

OperationsManagement Suite

Page 8: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Log Analytics

Page 9: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

DSのログをOMSに収集させる

Page 10: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Windows/Linux

Logging

LoggingOMS

こんな感じﾋｬｯﾊｰ

Alert

Page 11: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

設定は簡単です

Page 12: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

DSは Syslogに出力

Page 13: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

fluentd

Page 14: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

$Udp = New-Object Net.Sockets.UdpClient -ArgumentList 5141$Sender = $null

Add-Type -TypeDefinition @" public enum Syslog_Facility { kern, user, mail, system, security, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, logaudit, logalert, cron, local0, local1, local2, local3, local4, local5, local6, local7, }"@ Add-Type -TypeDefinition @" public enum Syslog_Severity { Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug }"@

while($true) `{ if($Udp.Available) ` { $Buffer = $Udp.Receive([ref]$Sender)

$MessageString = [Text.Encoding]::UTF8.GetString($Buffer)

$Priority = [Int]($MessageString -Replace "<|>.*") [int]$FacilityInt = [Math]::truncate([decimal]($Priority / 8)) $Facility = [Enum]::ToObject([Syslog_Facility], $FacilityInt) [int]$SeverityInt = $Priority - ($FacilityInt * 8 ) $Severity = [Enum]::ToObject([Syslog_Severity], $SeverityInt) $MessageString = "$MessageString $Severity"

$MessageString = $MessageString -Replace "<.*>",""

$MessageString >> c:\temp\syslog.log } [Threading.Thread]::Sleep(500)}

powershell –windowsstyle hidden syslog.ps1 Powershellで Syslogを受信

Page 15: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

OMSはカスタムログ

Page 16: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

OMSで収集できると

Page 17: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

OMSでアラート

Page 18: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

さらに一歩進んでみる

Page 19: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Alert Notification

Alert Management

Logging

AlertLoggingOMS

ｱﾗｰﾄﾋｬｯﾊｰ

Log Visualize

Page 20: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Visualization

Page 21: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Logging

EventHubStream Analytics

Log Visualize

HDInsightStorm/Kafka

Visualize

Log Visualize

Page 22: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Think...

Page 23: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Logging

DevOpsSec

SQLServer

HDInsightHive

EventHubAzure ML

Rules Update

Web API

Page 24: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Ｔｉｔｌｅ•自己紹介

くどうじゅん（ Jun Kudo）アイレット株式会社 cloudpack事業部ソリューションアーキテクト

所属団体一般社団法人 LOCAL北海道情報セキュリティ勉強会 /江戸前セキュリティ勉強会ALS/LinuxCon/ContainerCon 今年は 7/13-15OSCHokkaido実行委員 /ISOC-JPAzure/AWSのなんかいろいろ

facebook@level69/twitter@jkudo

Page 25: Managing Deep Security on Microsoft Azure. Log Analytics/Visualization

Ｔｉｔｌｅ

したっけ。

Floating on a Hybrid Cloud: SQL Server 2012 & Microsoft Azure · SQL Server Data & Log Files in Microsoft Azure Storage • Ability to move data & log files in Windows Azure Storage,

COLLABORATIVE AI WORKFLOWS - Microsoft Azure › artifact › 20151001 › southpigalle... · Collaborative AI Workflows Platform Data AI ready data Data visualization Clustering

Maxis NB-IoT Challenge Workshop · Create IoT Hub This section describes how to create an IoT hub using the Azure portal. 1. Log in to the Azure portal. 2. Choose +Create a resource,

Implementation of a Log Agent in Microsoft Azurekau.diva-portal.org/smash/get/diva2:820166/FULLTEXT01.pdfImplementation of a Log Agent in Microsoft Azure and packaging it to Azure

New Set Up Federated Login for LastPass Using Azure Active … · 2020. 6. 26. · 1. Log in to your Azure AD portal with your administrator account credentials at . 2. Navigate to

Instruction Guide for the Service Recovery Tool for … For Azure Log in to the Azure management portal and check the cloud services and virtual machine name information on Azure

Microsoft Azure Security and Audit Log Management

IRoot Series of Tutorials - GitHub Pages · Web viewWatch MATLAB command window for progress indicator Visualization of results Visualization of the optimization log Click on “Log”

Data Visualization using Power BI on Azure for a Data ... · on Azure for a Data Insights Service Provider. Business Data Visualization Tools Python, Power BI, Azure Blob Storage,

Securing Microsoft Azure with Qualys · Create application in Azure Active Directory and you can then note the application ID. 1) Log on to the Microsoft Azure console and press Azure

Log Visualization - Bellua BCS 2006

Log in · Web viewYou must log in before using this application. You should log in with an account associated with your Azure Active Directory service. Home Page Go to this page by

Cloud-based Log Analysis and Visualization2010.rmll.info/IMG/pdf/01_marty.pdf · Cloud-based Log Analysis and Visualization mobile-166 My syslog RMLL 2010, Bordeaux, France Ra!ael

Main issues of current 3D displays - Microsoft Azure · • Collaboration. 33 Professional Education for the Security Industry Immersive visualization solutions ... 3D visualization

Cloud-based Log Analysis and Visualization - DeepSec€¦ · Cloud-based Log Analysis and Visualization mobile-166 My syslog ... SaaS - Blind? Application ... • Hands-on, end to

Designing and Implementing an Azure AI Solution · Azure Key Vault: Azure service principals Azure managed identities Azure Security Center Azure Policy Explanation: Explanation:

Operations Management Suite · For an easy onboarding to Azure management and security, you can begin with the core management services. Azure Log Analytics, Azure Automation, Azure

Azure Prime: Azure Mobile Apps Azure Mobile Engagement

WHITE PAPER What is Microsoft Azure, and Why Use It? · View activity on your virtual web servers and respond to traffic patterns or log-in anomalies with the data Azure gathers on

Build, Don’t Buy - sans.org · Build, Don’t Buy Enable Analytics, ... ELK stack Ad hoc log search and visualization for the above logs ... Ingest –Get logs from log producer

Azure: Security Best Practices - CLOUDSEC B - 1630 - Microsoft, Allen Ho.pdfMicrosoft Antimalware for Azure Azure Log Analytics VNET, VPN, NSG Azure Security Center Application Gateway

Microsoft Azure Security and Audit Log Managementdownload.microsoft.com/.../AzureSecurityandAuditLogManagement_… · Microsoft Azure Security and Audit Log Management ... Microsoft

Windows Azure IT Pro IaaS Jump Start Q&A Log Azure IT Pro IaaS Jump Start Q&A Log Live Event Date: January 30, 2014 Page of 16

Digitale Strategien individuell umsetzen · Azure Application Insights Azure Backup Azure Cognitive Services Azure Container Services (Kubernetes) Azure Datalake Analytics Azure Event

Experiences in ELK with D3.js for Large Log Analysis and Visualization

Logstorage連携パック for Azure Activity Log · Azure上のあらゆるログを一元管理 Logstorageの導入により、Azure上で稼動するあらゆるシステムのログや、Azureサービスの操作ロ

IoT Continuum - Sciences · Azure Logic Apps Azure Active Directory Azure Monitor Azure DevOps, Power BI Azure Sphere Azure IoT Device SDK Windows IoT, Data Box Edge Azure Certified

Visualizing AV Data with CesiumJS - Khronos Group...Vehicle log data visualization and troubleshooting 5 TRI Web Tooling Today I will discuss: Cloud-based log viewer for replaying

Azure & Open Source Azure Ecosystem - pershing.com.t€¦ · Azure & Open Source Azure Ecosystem. ... Docker on Azure ... •Jenkins and Hudson Plugins PaaS Websites •Azure Java

Unlocking IoT’s Potential - Extreme Arts · Azure Stream Analytics Azure Storage Azure ML Azure SQL Azure Functions Azure Cognitive Services Azure IoT Central (SaaS) Dynamics Connected

IoT Continuum - Sciences · Azure IoT Hub Azure IoT Hub Device Provisioning Service Azure Digital Twins, Azure Maps Azure Time Series Insights Azure Stream Analytics Azure Cosmos

Microsoft Azure Essentials · Microsoft Azure Essentials Data Visualization and Modeling ... Microsoft Power BI. POWER BI Power BI is a versatile and easy way for everyone in your

Rodney Clark - Sciences · Azure service fabric Smart alerts to web app/ email/SMS Aggregate data for reports Azure blob storage Rest API for web application Disp. Log retrieval and

Cloud Log Analysis and Visualization

Azure RTOS GUIX - download.microsoft.com · Microsoft Azure RTOS, Azure RTOS FileX, Azure RTOS GUIX, Azure RTOS GUIX Studio, Azure RTOS NetX, Azure RTOS NetX Duo, Azure RTOS ThreadX,