Do you know what OSINT is? Have you used the Shodan search engine? Perhaps you already use a Threat Intelligence platform to prioritize IOCs from various feeds. In some cases, though, you need help to keep observing the company from the outside and to eliminate the incidents that are identified.
In essence, Digital Shadows either complements an existing SOC harmoniously or covers its functions completely. The perimeter-monitoring ecosystem has been built since 2011, and a lot of interesting functionality is implemented under the hood. DS_ monitors the internet and social media, analyzes networks and the darknet, and picks out only what matters from the whole flow of information.
From the weekly newsletter
Digital Shadows can detect and suppress phishing domains and fake accounts on social networks, discover leaked employee credentials and leaked data, identify information about imminent cyberattacks against the company, continuously monitor the organization's public perimeter, and even periodically analyze mobile applications in a sandbox.
Identifying digital risks
In the course of its activity, every company acquires connections with clients and partners, and the data it tries to protect becomes ever more vulnerable while its volume only grows.
To start managing these risks, a company needs to look beyond its perimeter, control it, and obtain information about changes immediately.
Detecting data loss (confidential documents, exposed employees, technical information, intellectual property).
Imagine that intellectual property has been published on the internet, or that internal confidential code has accidentally leaked to a GitHub repository. An attacker can use such data to launch more targeted cyberattacks.
Online brand security (phishing domains and profiles on social networks, mobile software imitating the company).
Today it is hard to find a company without social networks or similar platforms for interacting with potential customers, and attackers try to impersonate the company's brand. Cybercriminals do this by registering fake domains, social media accounts, and mobile apps. If the phishing or fraud succeeds, it can affect revenue, customer loyalty, and trust.
Reducing the attack surface (vulnerable services on the internet perimeter, open ports, problematic certificates).
As IT infrastructure grows, the attack surface and the number of information objects keep increasing. Sooner or later, internal systems such as databases may be exposed to the outside by mistake.
DS_ notifies you of problems before an attacker exploits them and highlights the highest-priority issues; analysts recommend further actions and can perform a takedown right away.
The DS_ interface
You can use the solution's web interface directly or work through the API.
As you can see, the analytical summary is presented as a funnel that starts with the number of mentions and ends with actual incidents received from various sources.
Many people use the solution as a kind of Wikipedia with information about attackers active in the information security field and their campaigns and events.
Digital Shadows can easily be integrated with any external system. Both notifications and a REST API are supported for integration into systems: IBM QRadar, ArcSight, Demisto, Anomali, and
How to manage digital risk: 4 basic steps
Step 1: Identify business-critical assets
Naturally, this first step is about understanding what the organization values most and what it wants to protect.
These can be grouped into main categories:
- people (customers, employees, partners, suppliers);
- organizations (affiliated and service companies, shared infrastructure);
- systems and operationally critical applications (websites, portals, customer databases, payment processing systems, employee access systems, or ERP applications).
When compiling this list, we recommend following a simple idea: an asset must be tied to a critical business process or an economically important function of the company.
Typically, several hundred resources are added, such as:
- company names;
- brands/trademarks;
- IP address ranges;
- domains;
- links to social networks;
- suppliers;
- mobile applications;
- patent numbers;
- document markings;
- DLP IDs;
- email signatures.
Tailoring the service to your needs ensures that you receive only relevant alerts. This is an iterative cycle: users of the system add assets as they become available, such as new project titles, upcoming mergers and acquisitions, and updated web domains.
Step 2: Understand potential threats
To calculate risk optimally, you need to understand the company's potential threats and digital risks.
- Attacker techniques, tactics, and procedures (TTPs)
Frameworks such as MITRE ATT&CK help establish a common language between defense and offense. Gathering information on a wide range of attackers and understanding their behavior provides context that is very useful when defending. This makes it possible to understand the next step of an observed attack, or to build a general concept of protection based on the kill chain.
- Attacker capabilities
Attackers use the weakest link or the shortest path: various attack vectors and combinations of them, such as email, the web, and passive information gathering.
Step 3: Monitor for unwanted appearances of digital assets
To identify your assets, you need to regularly monitor a large number of sources, such as:
- Git repositories;
- poorly configured cloud storage;
- paste sites;
- social media;
- criminal forums;
- the dark web.
Alternatively, use the free utilities and techniques, ranked by difficulty, that are listed in the guide.
Step 4: Take protective measures
Once a notification is received, specific actions must be taken. We can distinguish tactical, operational, and strategic ones.
In Digital Shadows, every alert comes with recommended actions. If it concerns a phishing domain or a page on a social network, you can track the status of the takedown in the "Removal" section.
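Steps 1 to 4 above describe a loop of inventory, monitoring, and response. The Python script below is an added example, not part of the original article and not Digital Shadows' own code: it shows that loop in miniature with a constructed asset inventory for a hypothetical "Example Corp", a handful of constructed findings from the kinds of sources listed in step 3, and a triage function that turns each finding into a prioritized alert with a recommended defensive action. The company name, domains, internal hostname, IP range (the 203.0.113.0/24 documentation range), alert categories, and recommended actions are all assumptions; a real service covers far more sources and asset types.

```python
"""Toy digital-risk triage for the four-step procedure: inventory (step 1),
findings from monitored sources (step 3), and prioritized alerts with
recommended actions (step 4). All data below is constructed for illustration."""
import re
from typing import Optional

# --- Step 1: constructed asset inventory for a hypothetical company ----------
ASSETS = {
    "company_names": ["Example Corp"],
    "domains": ["example-corp.com"],          # also the corporate e-mail domain
    "ip_ranges": ["203.0.113.0/24"],          # TEST-NET-3 documentation range
    "internal_hostnames": ["db01.corp.internal"],
}

# --- Step 3: constructed sample findings (not real data) ----------------------
FINDINGS = [
    {"source": "paste_site",
     "text": "combo dump: j.doe@example-corp.com:Summer2023! a.smith@other.example:pw"},
    {"source": "git_repo",
     "text": "# settings.py\nDB_HOST=db01.corp.internal\nDB_PASS=placeholder-secret"},
    {"source": "domain_feed",
     "text": "new registration: examp1e-corp.com (registered today)"},
    {"source": "social_media",
     "text": "Nice weather today, no company mentioned"},
]

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Assumed recommended actions per alert category (defensive, not DS_'s own text).
ACTIONS = {
    "leaked_credential": "Force a password reset and MFA re-enrolment for the account; "
                         "check authentication logs for use of the leaked password.",
    "exposed_internal_config": "Rotate any secret in the file, request removal from the "
                               "repository, and check whether the host was reached from outside.",
    "phishing_domain": "File a takedown request with the registrar/hoster and block the "
                       "domain on mail and web gateways.",
}

DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to spot look-alike (typosquatted) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_typosquat(candidate: str, legit: str, max_distance: int = 2) -> bool:
    """A domain that is not ours but is within a couple of edits of ours, or
    embeds our domain as a label, is treated as a possible phishing domain."""
    if candidate == legit:
        return False
    return legit in candidate or levenshtein(candidate, legit) <= max_distance


def classify(finding: dict) -> Optional[dict]:
    """Step 4 helper: turn one raw finding into an alert, or None if no asset is hit."""
    text = finding["text"]
    lowered = text.lower()

    # Leaked credentials: user@<our-domain>:password pattern in a dump.
    for dom in ASSETS["domains"]:
        m = re.search(rf"([\w.+-]+@{re.escape(dom)}):\S+", text)
        if m:
            return {"category": "leaked_credential", "severity": "high",
                    "source": finding["source"], "asset": m.group(1),
                    "action": ACTIONS["leaked_credential"]}

    # Internal hostnames appearing in public code or pastes.
    for host in ASSETS["internal_hostnames"]:
        if host in lowered:
            return {"category": "exposed_internal_config", "severity": "high",
                    "source": finding["source"], "asset": host,
                    "action": ACTIONS["exposed_internal_config"]}

    # Look-alike domains seen anywhere (new-registration feeds, pastes, posts).
    for cand in DOMAIN_RE.findall(lowered):
        for dom in ASSETS["domains"]:
            if looks_like_typosquat(cand, dom):
                return {"category": "phishing_domain", "severity": "medium",
                        "source": finding["source"], "asset": cand,
                        "action": ACTIONS["phishing_domain"]}
    return None


def triage(findings: list) -> list:
    """Classify all findings and order alerts by severity; the sort is stable,
    so earlier findings of equal severity stay first."""
    alerts = [a for a in (classify(f) for f in findings) if a]
    return sorted(alerts, key=lambda a: SEVERITY_RANK[a["severity"]])


if __name__ == "__main__":
    for alert in triage(FINDINGS):
        print(f"[{alert['severity'].upper()}] {alert['category']} via {alert['source']}: "
              f"{alert['asset']}\n    -> {alert['action']}")
```

Running the script prints three alerts (two high, one medium) and silently drops the social-media post that mentions no asset; the point of the asset list from step 1 is exactly that filtering, so that only findings tied to something the company cares about become alerts.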
ã㢠ããŒã¿ã«ãžã® 7 æ¥éã®ã¢ã¯ã»ã¹
ããã¯æ¬æ Œçãªãã¹ãã§ã¯ãªããã€ã³ã¿ãŒãã§ã€ã¹ã«æ £ããŠæ å ±ãæ€çŽ¢ããããã«ã㢠ããŒã¿ã«ã«äžæçã«ã¢ã¯ã»ã¹ããã ãã§ããããšãããã«äºçŽãããŠãã ãããå®å šãªãã¹ãã«ã¯ç¹å®ã®äŒæ¥ã«é¢é£ããããŒã¿ãå«ãŸãããããã¢ããªã¹ãã®äœæ¥ãå¿ èŠã«ãªããŸãã
ã㢠ããŒã¿ã«ã«ã¯æ¬¡ã®ãã®ãå«ãŸããŸãã
- ãã£ãã·ã³ã° ãã¡ã€ã³ãæŒæŽ©ããèªèšŒæ å ±ãã€ã³ãã©ã¹ãã©ã¯ãã£ã®åŒ±ç¹ã«é¢ããã¢ã©ãŒãã®äŸã
- ããŒã¯ããã ããŒãžãç¯çœªãã©ãŒã©ã ããã£ãŒããªã©ãæ€çŽ¢ããŸãã
- 200 ã®ãµã€ããŒè åšãããã¡ã€ã«ãããŒã«ããã£ã³ããŒã³ã
ããã«ã¢ã¯ã»ã¹ã§ããŸã
é±åãã¥ãŒã¹ã¬ã¿ãŒãšããããã£ã¹ã
é±åãã¥ãŒã¹ã¬ã¿ãŒã§
æ å ±æºãè©äŸ¡ããããã«ãDigital Shadows 㯠2 ã€ã®ãããªãã¯ã¹ããã®å®æ§çèšè¿°ã䜿çšããŠãæ å ±æºã®ä¿¡é Œæ§ãšããããåãåã£ãæ å ±ã®ä¿¡é Œæ§ãè©äŸ¡ããŸãã
This article was written on the basis of
If you are interested in the solution, contact us - company
Source: habr.com