{"id":55145,"date":"2025-03-20T07:58:00","date_gmt":"2025-03-20T15:58:00","guid":{"rendered":"https:\/\/www.sumologic.com\/blog\/%ea%b3%b5%ea%b8%89%eb%a7%9d-%ea%b3%b5%ea%b2%a9%ec%9c%bc%eb%a1%9c%eb%b6%80%ed%84%b0-ci-cd-%ed%8c%8c%ec%9d%b4%ed%94%84%eb%9d%bc%ec%9d%b8%ec%9d%84-%eb%b3%b4%ed%98%b8%ed%95%98%eb%8a%94-sumo-logic-cloud-si"},"modified":"2025-10-20T14:10:18","modified_gmt":"2025-10-20T22:10:18","slug":"secure-azure-devops-github-supply-chain-attacks","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/ko\/blog\/secure-azure-devops-github-supply-chain-attacks","title":{"rendered":"\uacf5\uae09\ub9dd \uacf5\uaca9\uc73c\ub85c\ubd80\ud130 CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc744 \ubcf4\ud638\ud558\ub294 Sumo Logic Cloud SIEM \uaddc\uce59"},"content":{"rendered":"\n<section class=\"e-stn e-stn-0d652506f82b000a392973813b918ee25d5b4211 e-stn--glossary-inner-content e-stn--table-of-content\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-1f7b3997080fc292474d26ff00c905d99d3520fa e-col--content-wrapper  col-sm-12 col-lg-12 col-xl-12\">\n<div class=\"e-div e-div-a1b32f66e1749758df41d5aea14f647cd10e362c e-div--card-btn-link\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1400\" height=\"400\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/header-ThreatLabs_SupplyChain_blog_700x200.jpg\" alt=\"\" class=\"wp-image-14766\" title=\"\"><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\ucd5c\uadfc \ub4e4\uc5b4 <a href=\"\/solutions\/developer-tools\">\uc9c0\uc18d\uc801 \ud1b5\ud569\u00b7\uc9c0\uc18d\uc801 \ubc30\ud3ec(CI\/CD) \ud30c\uc774\ud504\ub77c\uc778<\/a>\uc744 \ub178\ub9ac\ub294 \uacf5\uae09\ub9dd \uacf5\uaca9(Supply Chain Attack)\uc774 \ube60\ub974\uac8c \uc99d\uac00\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. 
\uc774\ub7f0 \uacf5\uaca9\uc774 \ub2e4\ub978 \uc870\uc9c1\ub9cc\uc758 \ubb38\uc81c\ub85c \uc0dd\uac01\ud558\uae30 \uc27d\uc9c0\ub9cc, \uc0ac\uc2e4 \uc870\uc9c1 \ub610\ud55c \uacf5\uae09\ub9dd\uc758 \uc77c\ubd80\uc785\ub2c8\ub2e4. \ud68c\uc0ac\uac00 \uc790\uccb4\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub97c \uac1c\ubc1c\ud558\ub4e0, \uace0\uac1d \uc11c\ube44\uc2a4\uc758 \uc77c\ubd80\ub85c \uc81c\uacf5\ud558\ub4e0, \ud639\uc740 \uc81c\ud488 \ud615\ud0dc\ub85c \ud310\ub9e4\ud558\ub4e0 \uacf5\uae09\ub9dd \uacf5\uaca9\uc758 \uc704\ud5d8\uc5d0\uc11c \uc644\uc804\ud788 \uc790\uc720\ub85c\uc6b4 \uae30\uc5c5\uc740 \uc5c6\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\ud2b9\ud788 Azure DevOps\ub098 GitHub Enterprise \uac19\uc740 CI\/CD \ub3c4\uad6c\ub97c \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0, \uacf5\uaca9\uc790\ub294 \uc774\ub7ec\ud55c \uc2dc\uc2a4\ud15c\uc744 \uc545\uc6a9\ud574 \uc18c\uc2a4 \ucf54\ub4dc\ub97c \uc190\uc0c1\uc2dc\ud0a4\uac70\ub098 \uc778\ud504\ub77c\ub97c \uad50\ub450\ubcf4\ub85c \uc0bc\uc544 \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uce68\uc785\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc758 \ubcf4\uc548 \uac15\ud654\ub294 \uc120\ud0dd\uc774 \uc544\ub2c8\ub77c \ud544\uc218\uc785\ub2c8\ub2e4. 
\uc774\ub97c \uc704\ud574\uc11c\ub294 \uc0ac\uc6a9 \ud604\ud669\uc744 \uc9c0\uc18d\uc801\uc73c\ub85c \uac10\uc0ac(audit)\ud558\uace0, \uac10\uc0ac \ub85c\uadf8\ub97c <a href=\"https:\/\/www.sumologic.com\/guides\/siem\" data-type=\"resource\" data-id=\"3026\">SIEM<\/a> \uc194\ub8e8\uc158\uc5d0 \uc218\uc9d1\ud558\uba70, \uc545\uc131 \ud65c\ub3d9\uc744 \uac10\uc9c0\ud558\uae30 \uc704\ud574 \ub85c\uadf8\ub97c \uc2e4\uc2dc\uac04\uc73c\ub85c \ubaa8\ub2c8\ud130\ub9c1\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<p>Azure DevOps\uc640 GitHub\uc6a9\uc73c\ub85c \uc0ac\uc804 \uad6c\uc131\ub41c Sumo Logic Cloud SIEM\uc740 \ubd88\ud544\uc694\ud55c \ub178\uc774\uc988\ub97c \uc81c\uac70\ud558\uace0 \uc704\ud611\uc744 \ud0d0\uc9c0\ud558\uba70, \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uacf5\uae09\ub9dd\uc758 \uac00\uc2dc\uc131\uacfc \ud1b5\uc81c\ub825\uc744 \uac15\ud654\ud558\uc5ec \ubcf4\uc548 \uc6b4\uc601 \uacfc\uc815\uc744 \ud55c\uce35 \ub354 \uac04\uc18c\ud654\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"supply-chain-attacks-defined\">\uacf5\uae09\ub9dd \uacf5\uaca9\uc758 \uc815\uc758<\/h2>\n\n\n\n<p>\ucd5c\uadfc \uba87 \ub144\uac04 \uacf5\uae09\ub9dd \uacf5\uaca9\uc740 \ub274\uc2a4 \ud5e4\ub4dc\ub77c\uc778\uc744 \uc7a5\uc2dd\ud558\uba70 \uadf8 \ud30c\uae09\ub825\uc744 \uc785\uc99d\ud588\uc2b5\ub2c8\ub2e4. 
\ub300\ud45c\uc801\uc778 \uc0ac\ub840\ub85c\ub294 \ub2e4\uc74c\uc774 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uc194\ub77c\uc708\uc988(SolarWinds) \uce68\ud574<\/a>: \uc57d 18,000\uac1c \uc870\uc9c1\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce5c \ud30c\uad34\uc801 \uacf5\uaca9 \uc0ac\ub840<\/li>\n\n\n\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/3cx-hackers-compromised-critical\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uae08\uc735 \uc18c\ud504\ud2b8\uc6e8\uc5b4 X_TRADER \uce68\ud574<\/a>: \uae08\uc735 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub97c \ud1b5\ud55c \uacf5\uaca9\uc73c\ub85c, \ud1b5\uc2e0\u00b7\uae08\uc735\u00b7\ud575\uc2ec \uc778\ud504\ub77c \uae30\uc5c5\uc744 \uaca8\ub0e5\ud55c \uc0ac\ub840<\/li>\n\n\n\n<li><a href=\"https:\/\/www.zdnet.com\/article\/updated-kaseya-ransomware-attack-faq-what-we-know-now\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uce74\uc138\uc57c(Kaseya) \uce68\ud574<\/a>: \uad00\ub9ac \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub97c \uc545\uc6a9\ud574 \uc57d 1,500\uac1c \uace0\uac1d\uc0ac\uc5d0 \ub79c\uc12c\uc6e8\uc5b4 \uacf5\uaca9\uc744 \uc218\ud589\ud55c \uc0ac\ub840<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/www.welivesecurity.com\/en\/business-security\/assessing-mitigating-cybersecurity-risks-supply-chain\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uacf5\uae09\ub9dd \uacf5\uaca9<\/a>\uc740 \uc5ec\ub7ec \ud615\ud0dc\ub85c \ubc1c\uc0dd\ud569\ub2c8\ub2e4. 
2013\ub144 <a href=\"https:\/\/krebsonsecurity.com\/2014\/02\/target-hackers-broke-in-via-hvac-company\/\" target=\"_blank\" rel=\"noreferrer noopener\">HVAC \ud558\uccad\uc5c5\uccb4\ub97c \ud1b5\ud55c \ud0c0\uac9f(Target) \uce68\ud574 \uc0ac\ub840<\/a>\ucc98\ub7fc \uc11c\ube44\uc2a4 \uacf5\uae09\uc5c5\uccb4\uc758 \uc790\uaca9 \uc99d\uba85\uc744 \ud0c8\ucde8\ud558\ub294 \ubc29\uc2dd\uc5d0\uc11c, <a href=\"https:\/\/security.googleblog.com\/2021\/12\/understanding-impact-of-apache-log4j.html\" target=\"_blank\" rel=\"noreferrer noopener\">log4j<\/a> \uc0ac\ub840\ucc98\ub7fc \uc5ec\ub7ec \uc18c\ud504\ud2b8\uc6e8\uc5b4 \ubca4\ub354\uac00 \uc0ac\uc6a9\ud558\ub294 \uc624\ud508\uc18c\uc2a4 \ucf54\ub4dc\uc758 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\ub294 \ubc29\uc2dd\uae4c\uc9c0 \ub2e4\uc591\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\uc774 \uae00\uc5d0\uc11c\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uac1c\ubc1c \ubc0f \ubc30\ud3ec \uacfc\uc815\uc5d0\uc11c \ubc1c\uc0dd\ud558\ub294 \uacf5\uae09\ub9dd \uacf5\uaca9\uc5d0 \ub300\ud574 \uc0b4\ud3b4\ubd05\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uacf5\uaca9\uc5d0\uc11c\ub294 \uc545\uc131 \ucf54\ub4dc\uac00 \uc2e0\ub8b0\ub41c \uc18c\ud504\ud2b8\uc6e8\uc5b4\uc5d0 \uc8fc\uc785\ub418\uc5b4, \uc815\uc0c1\uc801\uc778 \uc18c\ud504\ud2b8\uc6e8\uc5b4\uac00 \uacf5\uaca9 \ub3c4\uad6c\ub85c \ubcc0\uc9c8\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\uacb0\uad6d, \uacf5\uae09\ub9dd \uacf5\uaca9\uc740 \u2018\uc2e0\ub8b0\u2019\ub97c \uc545\uc6a9\ud558\ub294 \uacf5\uaca9\uc785\ub2c8\ub2e4. 
\uacf5\uaca9\uc790\ub294 \uae30\uc5c5\uc774 \uc81c\uacf5\ud558\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub098 \uc11c\ube44\uc2a4\uac00 \uc545\uc758\uc801\uc774\uc9c0 \uc54a\uace0 \ucda9\ubd84\ud788 \uc548\uc804\ud560 \uac83\uc774\ub77c\ub294 \uc0ac\uc6a9\uc790\ub4e4\uc758 \uc554\ubb35\uc801 \uc2e0\ub8b0\ub97c \ub178\ub9bd\ub2c8\ub2e4.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-attackers-exploit-ci-cd-pipelines-for-supply-chain-attacks\">CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc744 \ub178\ub9b0 \uacf5\uae09\ub9dd \uacf5\uaca9\uc758 \uce68\ud22c \ubc29\uc2dd<\/h2>\n\n\n\n<p>\uc55e\uc11c \uc5b8\uae09\ud55c \uc8fc\uc694 \uacf5\uaca9 \uc0ac\ub840\ub4e4\uc744 \ub2e4\uc2dc \uc0b4\ud3b4\ubcf4\uba74, \uacf5\uaca9\uc790\ub4e4\uc774 \ubaa9\ud45c\ub97c \ub2ec\uc131\ud55c \ubc29\uc2dd\uc740 \ub180\ub77c\uc6b8 \ub9cc\ud07c \uc720\uc0ac\ud569\ub2c8\ub2e4. \uc774\ub4e4 \uc0ac\ub840 \ubaa8\ub450\uc5d0\uc11c \uacf5\uaca9\uc790\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \ube4c\ub4dc \ub610\ub294 \ubc30\ud3ec \uacfc\uc815\uc758 \ud55c \ub2e8\uacc4\ub97c \ud558\uc774\uc7ac\ud0b9\ud558\uc5ec \uc545\uc131 \ucf54\ub4dc\ub97c \uc0bd\uc785\ud588\uc2b5\ub2c8\ub2e4. \uac01 \uacf5\uaca9 \uc0ac\ub840\uc5d0\uc11c \uc0ac\uc6a9\ub41c \uce68\uc785 \uae30\ubc95\uc744 \uad6c\uccb4\uc801\uc73c\ub85c \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/venafi.com\/blog\/solarwinds-sunburst-attack-explained-what-really-happened\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uc194\ub77c\uc708\uc988<\/a>: \u201c\uacf5\uaca9\uc790\ub294 \uc624\ub9ac\uc628(Orion)\uc758 \ube4c\ub4dc \uc11c\ubc84 \uc911 \ud558\ub098\ub97c \uce68\ud574\ud574 \uc5c5\ub370\uc774\ud2b8 \ubaa8\ub4c8\uc5d0 \ubc31\ub3c4\uc5b4\ub97c \uc0bd\uc785\ud588\uc2b5\ub2c8\ub2e4. 
\ub514\uc9c0\ud138 \uc11c\uba85\uc774 \ub41c \uc774 \uc190\uc0c1\ub41c \uc5c5\ub370\uc774\ud2b8\ub294 \ud3ec\ucd98 500\ub300 \uae30\uc5c5\uc744 \ud3ec\ud568\ud55c \uc57d 18,000\uac1c\uc758 SolarWinds \uace0\uac1d\uc5d0\uac8c \ubc30\ud3ec\ub418\uc5c8\uc73c\uba70, \uc6f9\uc0ac\uc774\ud2b8\ub97c \ud1b5\ud574 \uc81c\uacf5\ub418\uc5c8\uc2b5\ub2c8\ub2e4.&#8221;<\/li>\n\n\n\n<li><a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/3cx-software-supply-chain-compromise\" target=\"_blank\" rel=\"noreferrer noopener\">3CX<\/a> (X_TRADER \uce68\ud574\uc5d0\uc11c \ube44\ub86f\ub41c \uacf5\uae09\ub9dd \uacf5\uaca9): \u201c\uacf5\uaca9\uc790\ub294 \ucd5c\uc885\uc801\uc73c\ub85c Windows \ubc0f macOS \ube4c\ub4dc \ud658\uacbd \ubaa8\ub450\ub97c \uce68\ud574\ud588\uc2b5\ub2c8\ub2e4. Windows \ube4c\ub4dc \ud658\uacbd\uc5d0\uc11c\ub294 TAXHAUL \ub7f0\ucc98\uc640 COLDCAT \ub2e4\uc6b4\ub85c\ub4dc \ud504\ub85c\uadf8\ub7a8\uc744 \ubc30\ud3ec\ud558\uc5ec, IKEEXT \uc11c\ube44\uc2a4\ub97c \ud1b5\ud574 DLL \uac80\uc0c9 \uc21c\uc11c\ub97c \ud558\uc774\uc7ac\ud0b9\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c LocalSystem \uad8c\ud55c\uc744 \uc720\uc9c0\ud588\uc2b5\ub2c8\ub2e4. 
macOS \ube4c\ub4dc \uc11c\ubc84\ub294 Launch Daemons\ub97c \uc9c0\uc18d\uc131 \uba54\ucee4\ub2c8\uc998\uc73c\ub85c \ud65c\uc6a9\ud558\ub294 POOLRAT \ubc31\ub3c4\uc5b4\ub85c \uce68\ud574\ub418\uc5c8\uc2b5\ub2c8\ub2e4.\u201d<\/li>\n\n\n\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2021\/07\/04\/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uce74\uc138\uc57c(Kaseya)<\/a>: \u201c\ub808\ube4c(REvil) \ud574\ucee4\ub4e4\uc740 \uce74\uc138\uc57c\uc758 VSA \uc6d0\uaca9 \uad00\ub9ac \uc11c\ube44\uc2a4\ub97c \uc545\uc6a9\ud574 \uc545\uc131 \uc5c5\ub370\uc774\ud2b8 \ud328\ud0a4\uc9c0\ub97c \ubc30\ud3ec\ud588\uc2b5\ub2c8\ub2e4. \uc774 \uc5c5\ub370\uc774\ud2b8\ub294 \uad00\ub9ac\ud615 \uc11c\ube44\uc2a4 \uc81c\uacf5\uc5c5\uccb4(MSP) \uace0\uac1d\uacfc \uc628\ud504\ub808\ubbf8\uc2a4 \ubc84\uc804\uc758 VSA \ud50c\ub7ab\ud3fc\uc744 \uc0ac\uc6a9\ud558\ub294 \uae30\uc5c5\uc744 \ub300\uc0c1\uc73c\ub85c \uc2e4\ud589\ub418\uc5c8\uc2b5\ub2c8\ub2e4.\u201d<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-sumo-logic-azure-devops-and-github-rules\">Sumo Logic\uc758 Azure DevOps \ubc0f GitHub \uaddc\uce59 \uc138\ud2b8<\/h2>\n\n\n\n<p>Sumo Logic Threat Labs \ud300\uc740 CI\/CD \ud658\uacbd \ub0b4 \uacf5\uaca9\uc790 \ud65c\ub3d9\uc744 \ubaa8\ub2c8\ud130\ub9c1\ud558\uace0 \ud0d0\uc9c0\ud558\uae30 \uc704\ud574, <a href=\"https:\/\/www.sumologic.com\/ko\/solutions\/cloud-siem\">Sumo Logic Cloud SIEM<\/a>\uc5d0\uc11c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub294 \ub450 \uac00\uc9c0 \uaddc\uce59 \uc138\ud2b8\ub97c \ucd9c\uc2dc\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/help.sumologic.com\/release-notes-cse\/2024\/12\/31\/#rules-1\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub \uaddc\uce59<\/a>: GitHub\uc5d0\uc11c \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ud65c\ub3d9\uc744 \ud0d0\uc9c0\ud558\ub3c4\ub85d \uc124\uacc4\ub41c \uaddc\uce59 \uc138\ud2b8\ub85c, 
2024\ub144 12\uc6d4 6\uc77c\uc5d0 \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/li>\n\n\n\n<li><a href=\"https:\/\/help.sumologic.com\/release-notes-cse\/2025\/03\/13\/content\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure DevOps \uaddc\uce59<\/a>: <a href=\"https:\/\/github.com\/Azure\/Azure-Sentinel\/tree\/master\/Solutions\/AzureDevOpsAuditing\/Analytic%20Rules\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Sentinel\uc758 Azure DevOps \ud0d0\uc9c0 \uaddc\uce59<\/a>\uc744 \uae30\ubc18\uc73c\ub85c \ud558\uba70, IBM X-Force Red\uc758 \ubc31\uc11c <a href=\"https:\/\/www.ibm.com\/downloads\/documents\/us-en\/10a99803d42fd1e5\" target=\"_blank\" rel=\"noreferrer noopener\"><em>\u2018\ud074\ub77c\uc6b0\ub4dc\uc5d0 \uc228\uae30: Azure DevOps \uc11c\ube44\uc2a4 \uc545\uc6a9\uc744 \ud1b5\ud55c Microsoft Sentinel \ubd84\uc11d \uaddc\uce59 \uc6b0\ud68c(Hiding in the Clouds: Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules)\u2019<\/em><\/a>\uc5d0 \uc81c\uc2dc\ub41c \ud29c\ub2dd \uac00\uc774\ub4dc\ub97c \ucc38\uace0\ud574 \uc81c\uc791\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uaddc\uce59\uc740 2025\ub144 3\uc6d4 13\uc77c\uc5d0 \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-get-started-with-sumo-logic-s-azure-devops-and-github-rules\">Sumo Logic\uc758 Azure DevOps \ubc0f GitHub \uaddc\uce59 \uc0ac\uc6a9 \ubc29\ubc95<\/h2>\n\n\n\n<p>Sumo Logic Cloud SIEM\uc744 \uc0ac\uc6a9 \uc911\uc774\ub77c\uba74, \uc774\ubbf8 Azure DevOps \ubc0f GitHub \uaddc\uce59\uc774 \ud65c\uc131\ud654\ub41c \uc0c1\ud0dc\uc77c \uac00\ub2a5\uc131\uc774 \ub192\uc2b5\ub2c8\ub2e4. \uc774 \uaddc\uce59\uc744 \ud6a8\uacfc\uc801\uc73c\ub85c \ud65c\uc6a9\ud558\ub824\uba74, \uc6b0\uc120 CI\/CD \ud50c\ub7ab\ud3fc\uc5d0\uc11c \ub85c\uadf8\ub97c \uc218\uc9d1\ud574\uc57c \ud569\ub2c8\ub2e4. 
\uc544\ub798\ub294 \ub85c\uadf8 \uc218\uc9d1 \uc808\ucc28\ub97c \uac04\ub7b5\ud788 \uc815\ub9ac\ud55c \uac83\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"azure-devops-log-collection\">Azure DevOps \ub85c\uadf8 \uc218\uc9d1<\/h3>\n\n\n\n<p>Azure DevOps \ub85c\uadf8\ub97c \uc218\uc9d1\ud558\ub824\uba74 \ub2e4\uc74c \ub2e8\uacc4\ub97c \uc218\ud589\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Azure DevOps \uc870\uc9c1\uc5d0\uc11c \uac10\uc0ac(Auditing) \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud569\ub2c8\ub2e4.<\/li>\n\n\n\n<li>\uac10\uc0ac \ub85c\uadf8\ub97c Azure Event Hub\ub85c \uc2a4\ud2b8\ub9ac\ubc0d\ud558\ub3c4\ub85d \uad6c\uc131\ud569\ub2c8\ub2e4.<\/li>\n\n\n\n<li><a href=\"https:\/\/help.sumologic.com\/docs\/send-data\/hosted-collectors\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sumo Logic Hosted Collector<\/a>\ub97c \uc0ac\uc6a9\ud574 Event Hub\uc5d0\uc11c \ub85c\uadf8\ub97c \uc218\uc9d1\ud569\ub2c8\ub2e4.<\/li>\n<\/ol>\n\n\n\n<p>\uc790\uc138\ud55c \ub2e8\uacc4\ub294 Azure DevOps \uc870\uc9c1\uc758 \uac10\uc0ac \uae30\ub2a5 \ud65c\uc131\ud654 \ubc0f \uac10\uc0ac \ub85c\uadf8\uc758 <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/devops\/organizations\/audit\/auditing-streaming?view=azure-devops\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Event Hub<\/a> \uc2a4\ud2b8\ub9ac\ubc0d \uad6c\uc131\uc5d0 \uad00\ub828\ub41c <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/devops\/organizations\/audit\/azure-devops-auditing?view=azure-devops&amp;tabs=preview-page\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft\uc758 \uacf5\uc2dd \ubb38\uc11c<\/a>\ub97c \ucc38\uace0\ud558\uc138\uc694. 
\ub610\ud55c, <a href=\"https:\/\/help.sumologic.com\/docs\/send-data\/hosted-collectors\/cloud-to-cloud-integration-framework\/azure-event-hubs-source\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sumo Logic\uc758 \ub3c4\uc6c0\ub9d0 \ud398\uc774\uc9c0\uc5d0\uc11c \u2018Azure Event Hubs Source\u2019 \ud56d\ubaa9<\/a>\uc744 \ud655\uc778\ud558\uc2dc\uba74 \ub85c\uadf8 \uc218\uc9d1 \uad6c\uc131\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc744 \ubcfc \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ub9c8\uc9c0\ub9c9\uc73c\ub85c, \ub85c\uadf8 \uc18c\uc2a4\ub97c \uc0dd\uc131\ud560 \ub54c \ubc18\ub4dc\uc2dc \u2018Cloud SIEM\uc73c\ub85c \ud3ec\uc6cc\ub4dc\u2019 \uc635\uc158\uc774 \ud65c\uc131\ud654\ub418\uc5b4 \uc788\ub294\uc9c0 \ud655\uc778\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"github-log-collection\">GitHub \ub85c\uadf8 \uc218\uc9d1<\/h3>\n\n\n\n<p><strong>\ucc38\uace0: GitHub \uaddc\uce59\uc740 GitHub Enterprise \uac10\uc0ac \ub85c\uadf8\ub97c \uae30\ubc18\uc73c\ub85c \uac1c\ubc1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/strong><\/p>\n\n\n\n<p>GitHub \ub85c\uadf8\ub97c \uc218\uc9d1\ud558\ub824\uba74 \ub2e4\uc74c \ub2e8\uacc4\ub97c \uc218\ud589\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>GitHub \ub85c\uadf8\ub97c AWS S3 \ubc84\ud0b7\uc73c\ub85c \uc2a4\ud2b8\ub9ac\ubc0d\ud569\ub2c8\ub2e4.<\/li>\n\n\n\n<li>Sumo Logic Hosted Collector\ub97c \ud1b5\ud574 S3\uc5d0\uc11c GitHub \ub85c\uadf8\ub97c \uc218\uc9d1\ud569\ub2c8\ub2e4.<\/li>\n<\/ol>\n\n\n\n<p>\uad6c\uc131 \ubc29\ubc95\uc740 GitHub\uc758 <a href=\"https:\/\/docs.github.com\/en\/enterprise-cloud@latest\/admin\/monitoring-activity-in-your-enterprise\/reviewing-audit-logs-for-your-enterprise\/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3\" target=\"_blank\" rel=\"noreferrer noopener\">&#8216;Amazon S3\ub85c \uc2a4\ud2b8\ub9ac\ubc0d \uc124\uc815\ud558\uae30&#8217;<\/a> \ubb38\uc11c\ub97c \ub530\ub77c \ub85c\uadf8 
\uc2a4\ud2b8\ub9ac\ubc0d\uc744 \uc124\uc815\ud558\uace0, Sumo Logic\uc758 \ub3c4\uc6c0\ub9d0\uc5d0\uc11c <a href=\"https:\/\/help.sumologic.com\/docs\/send-data\/hosted-collectors\/amazon-aws\/aws-s3-source\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u2018Amazon S3 Source\u2019 \ud56d\ubaa9<\/a>\uc744 \ucc38\uc870\ud558\uc5ec S3 \ubc84\ud0b7\uc5d0\uc11c \ub85c\uadf8 \uc218\uc9d1\uc744 \uad6c\uc131\ud569\ub2c8\ub2e4. \ub85c\uadf8 \uc18c\uc2a4\ub97c \uc124\uc815\ud560 \ub54c\ub294 \uc544\ub798 \ud544\ub4dc\ub97c \ubc18\ub4dc\uc2dc \ucd94\uac00\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>\ud544\ub4dc \uc774\ub984<\/strong><\/td><td><strong>\ud544\ub4dc \uac12<\/strong><\/td><\/tr><tr><td>_siemForward<\/td><td>true<\/td><\/tr><tr><td>_parser<\/td><td>\/Parsers\/System\/Github\/GitHub Enterprise Audit<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1156\" height=\"1278\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image7.jpg\" alt=\"\" class=\"wp-image-14228\" title=\"\"><\/figure>\n\n\n\n<p><em>\uad6c\uc131 \uc608\uc2dc \u2013 Amazon S3 \ub85c\uadf8 \uc18c\uc2a4\ub97c \ud1b5\ud55c GitHub \ub85c\uadf8 \uc218\uc9d1<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"attacker-techniques-that-sumo-logic-s-cloud-siem-rules-detect\">Sumo Logic Cloud SIEM \uaddc\uce59\uc774 \ud0d0\uc9c0\ud558\ub294 \uacf5\uaca9\uc790 \uae30\ubc95<\/h2>\n\n\n\n<p>Sumo Logic Cloud SIEM \uaddc\uce59\uc740 CI\/CD \ud658\uacbd \ub0b4 \ub2e4\uc591\ud55c \uacf5\uaca9\uc790 \uae30\ubc95\uc744 \ud0d0\uc9c0\ud569\ub2c8\ub2e4. 
\uc544\ub798\ub294 Azure DevOps \ubc0f GitHub \uaddc\uce59\uc5d0\uc11c \ud0d0\uc9c0\ud560 \uc218 \uc788\ub294 \ub300\ud45c\uc801\uc778 \uacf5\uaca9 \uc804\uc220\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"technique-pull-request-review-bypass\">\uae30\ubc95: \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uac80\ud1a0 \uc6b0\ud68c<\/h3>\n\n\n\n<p>\ud0d0\uc9c0 \uaddc\uce59:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure DevOps &#8211; \ucd5c\ucd08 \uac10\uc9c0 \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uc815\ucc45 \uc6b0\ud68c<\/li>\n\n\n\n<li>GitHub &#8211; \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uac80\ud1a0 \uc694\uac74 \uc81c\uac70<\/li>\n<\/ul>\n\n\n\n<p>CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc740 \ube60\ub978 \uc18d\ub3c4\ub97c \uc704\ud574 \uc124\uacc4\ub418\uc5b4 \uc788\uc5b4, \uac1c\ubc1c\uc790\ub294 \ud558\ub8e8\uc5d0\ub3c4 \uc5ec\ub7ec \ubc88 \ud504\ub85c\ub355\uc158\uc5d0 \ucf54\ub4dc\ub97c \uc5c5\ub370\uc774\ud2b8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ucc98\ub7fc \ube60\ub978 \ub9b4\ub9ac\uc2a4 \uc18d\ub3c4\ub294 \ube44\uc988\ub2c8\uc2a4\uc5d0 \uc774\uc810\uc744 \uc81c\uacf5\ud558\uc9c0\ub9cc, \ub3d9\uc2dc\uc5d0 \uac80\ud1a0\ub418\uc9c0 \uc54a\uc740 \ucf54\ub4dc\ub098 \uc545\uc131 \ucf54\ub4dc\uac00 \ud504\ub85c\ub355\uc158\uc73c\ub85c \uc9c1\uc811 \ubc18\uc601\ub420 \uc704\ud5d8\ub3c4 \uc99d\uac00\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\uc774\ub7ec\ud55c \uc704\ud5d8\uc744 \uc904\uc774\ub294 \uac00\uc7a5 \uae30\ubcf8\uc801\uc778 \ubc29\ubc95\uc740 \ub3d9\ub8cc \uac80\ud1a0(peer review) \uc808\ucc28\ub97c \ub450\ub294 \uac83\uc785\ub2c8\ub2e4. 
\uc989, \ube4c\ub4dc\u00b7\ubc30\ud3ec \ub2e8\uacc4\ub85c \ub118\uc5b4\uac00\uae30 \uc804\uc5d0 \ubc18\ub4dc\uc2dc \ud480 \ub9ac\ud018\uc2a4\ud2b8(Pull Request, PR)\ub97c \ud1b5\ud574 \uc2b9\uc778 \uacfc\uc815\uc744 \uac70\uce58\ub3c4\ub85d \ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<p><a href=\"https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP \ubc1c\ud45c CI\/CD \ubcf4\uc548 10\ub300 \uc704\ud5d8<\/a>\uc5d0 \ub530\ub974\uba74, \uac80\ud1a0 \uc808\ucc28\ub97c \uc6b0\ud68c\ud558\ub294 \ud589\uc704\uc57c\ub9d0\ub85c CI\/CD \ud658\uacbd\uc5d0\uc11c \uac00\uc7a5 \ud070 \ubcf4\uc548 \uc704\ud5d8\uc73c\ub85c \uaf3d\ud799\ub2c8\ub2e4. \uc2e4\uc81c \uc0ac\ub840\ub85c, 2021\ub144 3\uc6d4 PHP \ucf54\ub4dc\ubca0\uc774\uc2a4\uc5d0 <a href=\"https:\/\/news-web.php.net\/php.internals\/113981\" target=\"_blank\" rel=\"noreferrer noopener\">\uc2b9\uc778\ub418\uc9c0 \uc54a\uc740 \ubcc0\uacbd \uc0ac\ud56d<\/a>\uc774 \ubc18\uc601\ub41c \uc0ac\uac74\uc774 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\ubb3c\ub860 \ud2b9\uc815 \uc0c1\ud669\uc5d0\uc11c\ub294 \uac80\ud1a0 \uc6b0\ud68c\uac00 \ud544\uc694\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4. Azure DevOps\ub294 <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/devops\/repos\/git\/branch-policies?view=azure-devops&amp;tabs=browser#bypass-branch-policies\" target=\"_blank\" rel=\"noreferrer noopener\">&#8216;\uc6b0\ud68c \uc815\ucc45&#8217; \uc124\uc815<\/a>\uc744 \ud1b5\ud574 PR \uc815\ucc45\uc744 \uc77c\uc2dc\uc801\uc73c\ub85c \uc6b0\ud68c\ud560 \uc218 \uc788\ub294 \uae30\ub2a5\uc744 \uc81c\uacf5\ud569\ub2c8\ub2e4. \uc870\uc9c1\uc5d0\ub294 \uc77c\uc2dc\uc801\uc73c\ub85c\ub77c\ub3c4 \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uc815\ucc45\uc744 \uc6b0\ud68c\ud574\uc57c \ud558\ub294 \ud0c0\ub2f9\ud55c \uc774\uc720\uac00 \uc788\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4. 
\uadf8\ub7ec\ub098 \uc77c\uc2dc\uc801\uc73c\ub85c \uc774\ub7ec\ud55c \uc815\ucc45\uc744 \ud5c8\uc6a9\ud558\ub354\ub77c\ub3c4, \ub0a8\uc6a9 \uac00\ub2a5\uc131\uc5d0 \ub300\ube44\ud55c \ubaa8\ub2c8\ud130\ub9c1\uc774 \ubc18\ub4dc\uc2dc \ud544\uc694\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1918\" height=\"368\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image4.jpg\" alt=\"\" class=\"wp-image-14229\" title=\"\"><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\uc608\ub97c \ub4e4\uc5b4, Azure DevOps\uc758 \uaddc\uce59\uc778 \u2018\ucd5c\ucd08 \uac10\uc9c0 \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uc815\ucc45 \uc6b0\ud68c(First seen pull request policy bypassed)\u2019\ub294 \ucd5c\uadfc 90\uc77c\uac04 \ud574\ub2f9 \uc0ac\uc6a9\uc790\uac00 \ud55c \ubc88\ub3c4 PR \uc815\ucc45\uc744 \uc6b0\ud68c\ud55c \uc801\uc774 \uc5c6\ub294\ub370 \uc0c8\ub85c\uc6b4 \uc6b0\ud68c \ud589\uc704\uac00 \ubc1c\uc0dd\ud588\uc744 \uacbd\uc6b0 \ubcf4\uc548 \uc6b4\uc601\uc13c\ud130(SOC) \ubd84\uc11d\ud300\uc5d0 \uacbd\uace0\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4. 
\uc774 \uacbd\uace0\uac00 \ud2b8\ub9ac\uac70\ub418\uba74, SOC \ubd84\uc11d\ud300\uc740 \ud574\ub2f9 \uc6b0\ud68c\uac00 \uc815\ub2f9\ud55c \uc870\uce58\uc600\ub294\uc9c0, \ub610\ub294 \uacc4\uc815 \ud0c8\ucde8\ub098 \ub0b4\ubd80\uc790 \uc704\ud611 \ud589\uc704\uac00 \uac1c\uc785\ub41c \uac83\uc740 \uc544\ub2cc\uc9c0 \uc870\uc0ac\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"886\" height=\"1142\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image6.jpg\" alt=\"\" class=\"wp-image-14230\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1388\" height=\"840\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image15.jpg\" alt=\"\" class=\"wp-image-14231\" title=\"\"><\/figure>\n\n\n\n<p><em>\ucd5c\ucd08 \uac10\uc9c0 \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uc815\ucc45 \uc6b0\ud68c \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<p>GitHub \uaddc\uce59 &#8216;PR \uac80\ud1a0 \uc694\uac74 \uc81c\uac70(PR review requirement removed)&#8217;\ub3c4 \ud480 \ub9ac\ud018\uc2a4\ud2b8 \uac80\ud1a0 \uc6b0\ud68c\ub97c \ubaa8\ub2c8\ud130\ub9c1\ud558\uc9c0\ub9cc, \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0\uc11c \uac80\ud1a0 \uc694\uad6c \uc0ac\ud56d \uc790\uccb4\ub97c \uc644\uc804\ud788 \uc81c\uac70\ud558\ub294 \ubc29\uc2dd\uc758 \uc6b0\ud68c\ub97c \ud0d0\uc9c0\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1902\" height=\"630\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image10-1.jpg\" alt=\"\" class=\"wp-image-14233\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"950\" height=\"708\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image14.jpg\" alt=\"\" 
class=\"wp-image-14234\" title=\"\"><\/figure>\n\n\n\n<p><em>PR \uac80\ud1a0 \uc694\uac74 \uc81c\uac70 \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"technique-membership-changes-to-privileged-groups\">\uae30\ubc95: \uad8c\ud55c \uadf8\ub8f9\uc758 \uad6c\uc131\uc6d0 \ubcc0\uacbd<\/h3>\n\n\n\n<p>\ud0d0\uc9c0 \uaddc\uce59:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure DevOps &#8211; \uad00\ub9ac\uc790 \uadf8\ub8f9\uc73c\ub85c \ubcc0\uacbd<\/li>\n\n\n\n<li>GitHub &#8211; \uad00\ub9ac\uc790 \ucd94\uac00 \ub610\ub294 \ucd08\ub300<\/li>\n<\/ul>\n\n\n\n<p>2019\ub144 5\uc6d4, \uacf5\uaca9\uc790\uac00 <a href=\"https:\/\/stackoverflow.blog\/2021\/01\/25\/a-deeper-dive-into-our-may-2019-security-incident\/\" target=\"_blank\" rel=\"noreferrer noopener\">\uc2a4\ud0dd \uc624\ubc84\ud50c\ub85c(Stack Overflow) \ub124\ud2b8\uc6cc\ud06c\ub97c \uce68\ud574<\/a>\ud574 &#8216;\uc2a4\ud0dd \uc775\uc2a4\uccb4\uc778\uc9c0(Stack Exchange) \ub124\ud2b8\uc6cc\ud06c \uc804\ubc18\uc5d0\uc11c \uad00\ub9ac\uc790 \ubc0f \uac1c\ubc1c\uc790 \uc218\uc900\uc758 \uc811\uadfc \uad8c\ud55c\uc744 \ud68d\ub4dd&#8217;\ud55c \uc0ac\uac74\uc774 \ubc1c\uc0dd\ud588\uc2b5\ub2c8\ub2e4. \uc774 \uacf5\uaca9\uc73c\ub85c \uc778\ud574 \uc18c\uc2a4 \ucf54\ub4dc\uac00 \uc720\ucd9c\ub418\uace0, 184\uba85\uc758 \uc2a4\ud0dd \uc624\ubc84\ud50c\ub85c \uc0ac\uc6a9\uc790\uc758 \uac1c\uc778 \uc2dd\ubcc4 \uc815\ubcf4(PII)\uac00 \ud0c8\ucde8\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\uc0ac\uc6a9\uc790\uac00 \uad00\ub9ac\uc790 \uad8c\ud55c\uc744 \ud68d\ub4dd\ud558\ub294 \uc774\ubca4\ud2b8\ub294 \uadf8 \uc601\ud5a5 \ubc94\uc704\uac00 \ub9e4\uc6b0 \ud06c\uae30 \ub54c\ubb38\uc5d0 \ubc18\ub4dc\uc2dc \uc8fc\ubaa9\ud574\uc57c \ud569\ub2c8\ub2e4. OWASP\ub294 \ubd80\uc801\uc808\ud55c ID \ubc0f \uc811\uadfc \uad00\ub9ac\ub97c CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc758 \ub450 \ubc88\uc9f8\ub85c \ud070 \uc704\ud5d8 \uc694\uc18c\ub85c \ubd84\ub958\ud569\ub2c8\ub2e4. 
\uc774 \uc704\ud5d8\uc5d0\ub294 \ucd5c\uc18c \uad8c\ud55c \uc6d0\uce59(the principle of least privilege)\uc744 \ub530\ub974\uc9c0 \uc54a\uac70\ub098, ID \uad00\ub9ac\uac00 \uc81c\ub300\ub85c \uc774\ub8e8\uc5b4\uc9c0\uc9c0 \uc54a\uc544 \ud30c\uc774\ud504\ub77c\uc778\uc774 \uce68\ud574\uc5d0 \ub178\ucd9c\ub418\ub294 \ub2e4\uc591\ud55c \uc0c1\ud669\uc774 \ud3ec\ud568\ub429\ub2c8\ub2e4.<\/p>\n\n\n\n<p>Azure DevOps\uc758 \uaddc\uce59\uc778 \u2018\uad00\ub9ac\uc790 \uadf8\ub8f9\uc73c\ub85c \ubcc0\uacbd(Changes made to administrator group)\u2019\uc740 \uc0ac\uc6a9\uc790\uac00 \ud504\ub85c\uc81d\ud2b8 \uad00\ub9ac\uc790, \ud504\ub85c\uc81d\ud2b8 \uceec\ub809\uc158 \uad00\ub9ac\uc790, \ud504\ub85c\uc81d\ud2b8 \uceec\ub809\uc158 \uc11c\ube44\uc2a4 \uacc4\uc815, \ube4c\ub4dc \uad00\ub9ac\uc790 \ubc0f \ud504\ub85c\uc81d\ud2b8 \uceec\ub809\uc158 \ube4c\ub4dc \uad00\ub9ac\uc790\uc640 \uac19\uc740 Azure DevOps\uc758 \uc5ec\ub7ec \uad8c\ud55c \uadf8\ub8f9\uc5d0 \ucd94\uac00\ub420 \uacbd\uc6b0 SOC \ubd84\uc11d\ud300\uc5d0 \uc54c\ub9bc\uc744 \uc804\uc1a1\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\uc774 \uaddc\uce59\uc774 \ud2b8\ub9ac\uac70\ub418\uba74, SOC \ubd84\uc11d\ud300\uc740 \uadf8\ub8f9 \ubcc0\uacbd\uc774 \uc2b9\uc778\ub41c \ubcc0\uacbd\uc778\uc9c0 \ud655\uc778\ud574\uc57c \ud569\ub2c8\ub2e4. 
\ub9cc\uc57d CI\/CD \ud658\uacbd\uc774 \ubcc0\uacbd \uad00\ub9ac\uc758 \ubc94\uc704 \ub0b4\uc5d0 \uc788\ub2e4\uba74, \uad00\ub828 \ubcc0\uacbd \uc694\uccad \ud2f0\ucf13\uc744 \uac80\ud1a0\ud558\uace0 \uadf8 \ubcc0\uacbd\uc744 \uc218\ud589\ud55c \uc0ac\uc6a9\uc790\uac00 \uacc4\uc815 \ud0c8\ucde8\ub098 \ub0b4\ubd80 \uc704\ud611\uc758 \uc9d5\ud6c4\ub97c \ubcf4\uc774\uc9c0 \uc54a\ub294\uc9c0\ub3c4 \uc870\uc0ac\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1924\" height=\"540\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image5.jpg\" alt=\"\" class=\"wp-image-14235\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1532\" height=\"938\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image2.jpg\" alt=\"\" class=\"wp-image-14236\" title=\"\"><\/figure>\n\n\n\n<p><em>\uad00\ub9ac\uc790 \uadf8\ub8f9\uc73c\ub85c \ubcc0\uacbd \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<p>\ub9c8\ucc2c\uac00\uc9c0\ub85c \uc774\ub984\uc5d0\uc11c \uc54c \uc218 \uc788\ub4ef\uc774 GitHub\uc758 &#8216;\uad00\ub9ac\uc790 \ucd94\uac00 \ub610\ub294 \ucd08\ub300(Administrator added or invited)&#8217; \uaddc\uce59\uc740 \uc0c8 \uad00\ub9ac\uc790\uac00 \ucd94\uac00\ub418\uac70\ub098 \ucd08\ub300\ub418\ub294 \uc2dc\uc810\uc744 \uac10\uc9c0\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1122\" height=\"500\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image8.png\" alt=\"\" class=\"wp-image-14237\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"666\" height=\"500\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image13.jpg\" alt=\"\" class=\"wp-image-14238\" 
title=\"\"><\/figure>\n\n\n\n<p><em>\uad00\ub9ac\uc790 \ucd94\uac00 \ub610\ub294 \ucd08\ub300 \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"technique-malicious-tool-integration\">\uae30\ubc95: \uc545\uc131 \ub3c4\uad6c \ud1b5\ud569<\/h3>\n\n\n\n<p>\ud0d0\uc9c0 \uaddc\uce59:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure DevOps &#8211; \ucd5c\ucd08 \uac10\uc9c0 &#8211; \uc2e0\uaddc \ud655\uc7a5 \uae30\ub2a5 \uc124\uce58<\/li>\n\n\n\n<li>GitHub &#8211; API\uc640 \uc0c1\ud638\uc791\uc6a9\ud558\ub294 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ucd5c\ucd08 \uac10\uc9c0<\/li>\n<\/ul>\n\n\n\n<p>CI\/CD \ud658\uacbd\uc5d0\ub294 \ucf54\ub4dc \uac80\uc0ac, \ub9ac\uc18c\uc2a4 \uad00\ub9ac, \uc2dc\ud06c\ub9bf \ub300\uccb4 \ub4f1 \ub2e4\uc591\ud55c \uae30\ub2a5\uc744 \ucd94\uac00\ud560 \uc218 \uc788\ub294 \uc11c\ub4dc\ud30c\ud2f0 \ub3c4\uad6c\uc640 \uc11c\ube44\uc2a4\uc758 \ud48d\ubd80\ud55c \uc0dd\ud0dc\uacc4\uac00 \uc874\uc7ac\ud569\ub2c8\ub2e4. \ud558\uc9c0\ub9cc \uc774 \ub3c4\uad6c\uc640 \uc11c\ube44\uc2a4\ub294 \ub3d9\uc2dc\uc5d0 \uacf5\uaca9 \ubca1\ud130(attack vector)\uac00 \ub420 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>2020\ub144 7\uc6d4, \uc815\uc801 \ubd84\uc11d(SAST), \ucf54\ub4dc \ucee4\ubc84\ub9ac\uc9c0, IaC \ubd84\uc11d \uae30\ub2a5\uc744 \uc81c\uacf5\ud558\ub294 \ub525\uc18c\uc2a4(DeepSource) GitHub \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \uc790\uaca9 \uc99d\uba85\uc774 \uc720\ucd9c\ub418\uc5b4 \uacb0\uad6d \ud574\ub2f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uc0ac\uc6a9\uc790\ub4e4\uc758 <a href=\"https:\/\/discuss.deepsource.com\/t\/security-incident-on-deepsource-s-github-application\/131\" target=\"_blank\" rel=\"noreferrer noopener\">\uc790\uaca9 \uc99d\uba85 \ud0c8\ucde8 \uacf5\uaca9<\/a>\uc73c\ub85c \uc545\uc6a9\ub41c \uc0ac\uac74\uc774 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>Azure DevOps \ud50c\ub7ab\ud3fc\uc5d0\ub294 \ud655\uc7a5 \uae30\ub2a5 
\ub9c8\ucf13\ud50c\ub808\uc774\uc2a4\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. \ub525\uc18c\uc2a4(DeepSource) \uc0ac\ub840\uc5d0\uc11c \ubcfc \uc218 \uc788\ub4ef\uc774 \ud655\uc7a5 \uae30\ub2a5\uc744 \uc124\uce58\ud558\uac70\ub098 \uc0ac\uc6a9\ud558\uba74 \ud655\uc7a5 \uae30\ub2a5 \uc790\uccb4\uc5d0\uc11c \uc545\uc131 \ucf54\ub4dc\uac00 \uc720\uc785\ub418\uac70\ub098, \uacf5\uaca9\uc790\uac00 \ud655\uc7a5 \uae30\ub2a5\uc744 \ubc1c\ud310\uc73c\ub85c \uac1c\ubc1c\u00b7\uc6b4\uc601 \ud658\uacbd \ub0b4 \uc811\uadfc \uad8c\ud55c\uc744 \ud68d\ub4dd\ud560 \uc704\ud5d8\uc774 \uc874\uc7ac\ud569\ub2c8\ub2e4. OWASP\ub294 \uc774\ub7ec\ud55c \uc704\ud5d8\uc744 \u2018\uc81c\uc0bc\uc790 \uc11c\ube44\uc2a4\uc758 \ubb34\ubd84\ubcc4\ud55c \uc0ac\uc6a9(CICD-SEC-8: Ungoverned Usage of 3rd Party Services)\u2019 \ubc94\uc8fc\ub85c \ubd84\ub958\ud558\uba70, CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc5d0\uc11c \uc5ec\ub35f \ubc88\uc9f8\ub85c \ud754\ud55c \uc704\ud5d8\uc73c\ub85c \uaf3d\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>Azure DevOps\uc758 \u2018\uc2e0\uaddc \ud655\uc7a5 \uae30\ub2a5 \uc124\uce58(New extension installed)\u2019 \uaddc\uce59\uc740 \uc9c0\ub09c 90\uc77c \ub3d9\uc548 \uc124\uce58 \uc774\ub825\uc774 \uc5c6\ub294 \uc0c8\ub85c\uc6b4 \ud655\uc7a5 \uae30\ub2a5\uc774 Azure DevOps \uc870\uc9c1\uc5d0 \uc124\uce58\ub420 \ub54c \ud2b8\ub9ac\uac70\ub429\ub2c8\ub2e4. 
\uc774 \uaddc\uce59\uc774 \uc791\ub3d9\ud558\uba74, SOC \ubd84\uc11d\ud300\uc740 \ubcc0\uacbd \uad00\ub9ac \ud2f0\ucf13\uc744 \ud1b5\ud574 \ud574\ub2f9 \ud655\uc7a5 \uae30\ub2a5\uc774 \uc2b9\uc778\ub41c \ubcc0\uacbd \uc0ac\ud56d\uc778\uc9c0 \ub610\ub294 \uc870\uc9c1 \ub0b4\uc5d0\uc11c \uc2b9\uc778\ub41c \ud655\uc7a5 \uae30\ub2a5 \ubaa9\ub85d\uc5d0 \ud3ec\ud568\ub418\uc5b4 \uc788\ub294\uc9c0 \uac80\ud1a0\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"930\" height=\"1210\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image9.jpg\" alt=\"\" class=\"wp-image-14241\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1532\" height=\"908\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image1.jpg\" alt=\"\" class=\"wp-image-14242\" title=\"\"><\/figure>\n\n\n\n<p><em>\uc2e0\uaddc \ud655\uc7a5 \uae30\ub2a5 \ud0d0\uc9c0 \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<p>GitHub\uc758 \u2018API\uc640 \uc0c1\ud638\uc791\uc6a9\ud558\ub294 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ucd5c\ucd08 \uac10\uc9c0(First seen application interacting with API)\u2019 \uaddc\uce59\uc740 \ucd5c\uadfc 90\uc77c \ub3d9\uc548 \uad00\ucc30\ub418\uc9c0 \uc54a\uc558\ub358 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc774 GitHub API\uc640 \uc0c1\ud638\uc791\uc6a9\ud560 \ub54c \uc774\ub97c \uac10\uc9c0\ud569\ub2c8\ub2e4. 
\uc774 \uaddc\uce59\uc740 \ub2e8\uc21c\ud788 \uc0c8 \ud655\uc7a5 \uae30\ub2a5\ub9cc \ud0d0\uc9c0\ud558\ub294 Azure DevOps \uaddc\uce59\ubcf4\ub2e4 \ubc94\uc704\uac00 \ub113\uc73c\uba70, API\uc640 \ud1b5\uc2e0\ud558\ub294 \ubaa8\ub4e0 \ubbf8\ud655\uc778 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc744 \ud0d0\uc9c0 \ub300\uc0c1\uc73c\ub85c \ud3ec\ud568\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"962\" height=\"920\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image3.jpg\" alt=\"\" class=\"wp-image-14243\" title=\"\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"882\" height=\"990\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/blog-DetectingAzure-image11.jpg\" alt=\"\" class=\"wp-image-14251\" title=\"\"><\/figure>\n\n\n\n<p><em>API\uc640 \uc0c1\ud638\uc791\uc6a9\ud558\ub294 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ucd5c\ucd08 \uac10\uc9c0 \uaddc\uce59 \ubc0f \ub85c\uadf8 \uc0d8\ud50c<\/em><\/p>\n\n\n\n<p>CI\/CD \ud658\uacbd\uc5d0\uc11c\uc758 \ub85c\uadf8 \uae30\ub85d\uc740 \ubcf4\uc548 \ubaa8\ub2c8\ud130\ub9c1\uc758 \ud575\uc2ec \uc694\uc18c\uc785\ub2c8\ub2e4. OWASP \uc5ed\uc2dc \uc774\ub97c \uac15\uc870\ud558\uba70, <a href=\"https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/CICD-SEC-10-Insufficient-Logging-And-Visibility\" target=\"_blank\" rel=\"noreferrer noopener\">\u2018\ub85c\uae45\uacfc \uac00\uc2dc\uc131 \ubd80\uc871\u2019\uc744 10\ubc88\uc9f8 \uc704\ud5d8 \uc694\uc778<\/a>\uc73c\ub85c \ubd84\ub958\ud569\ub2c8\ub2e4. 
OWASP\ub294 \u201c\ub85c\uae45\uacfc \uac00\uc2dc\uc131 \ubd80\uc871\uc73c\ub85c \uc778\ud574 \uacf5\uaca9\uc790\uac00 \uacf5\uaca9 \uccb4\uc778\uc758 \uc5b4\ub5a4 \ub2e8\uacc4\uc5d0\uc11c\ub3c4 \ud0d0\uc9c0\ub418\uc9c0 \uc54a\uc740 \ucc44 \uc545\uc131 \ud589\uc704\ub97c \uc218\ud589\ud560 \uc218 \uc788\uc73c\uba70, \uacf5\uaca9 \uc774\ud6c4 \uc870\uc0ac \uacfc\uc815\uc5d0\uc11c\ub3c4 \uacf5\uaca9\uc790\uc758 \uc804\uc220, \uae30\ubc95, \uc808\ucc28(TTP)\ub97c \uc2dd\ubcc4\ud558\uae30 \uc5b4\ub835\uac8c \ub9cc\ub4e0\ub2e4.\u201d\uace0 \uc124\uba85\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-your-ci-cd-environment-with-sumo-logic\">Sumo Logic\uc744 \uc774\uc6a9\ud55c CI\/CD \ud658\uacbd \ubcf4\ud638<\/h2>\n\n\n\n<p>\uacf5\uae09\ub9dd \uacf5\uaca9\uc740 \uc810\uc810 \ub354 \uc815\uad50\ud574\uc9c0\uace0 \uc788\uc73c\uba70, CI\/CD \ud658\uacbd\uc740 \uadf8\uc911\uc5d0\uc11c\ub3c4 \uc8fc\uc694 \ud45c\uc801\uc785\ub2c8\ub2e4. Sumo Logic\uc758 Cloud SIEM \uaddc\uce59\uc744 \ud65c\uc6a9\ud574 CI\/CD \uc0dd\ud0dc\uacc4\ub97c \uc9c0\uc18d\uc801\uc73c\ub85c \ubaa8\ub2c8\ud130\ub9c1\ud558\uba74, \uce68\ud574\ub85c \uc774\uc5b4\uc9c0\uae30 \uc804\uc5d0 \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ud65c\ub3d9\uc744 \uc870\uae30\uc5d0 \ud0d0\uc9c0\ud558\uace0 \ub300\uc751\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>Sumo Logic Cloud SIEM\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 <a href=\"https:\/\/www.sumologic.com\/ko\/solutions\/cloud-siem\">\uc81c\ud488<\/a> \ud398\uc774\uc9c0 \ub610\ub294 <a href=\"\/demo\/experiencing-the-insight-radar\">\ub300\ud654\ud615 \ub370\ubaa8(Interactive Demo)<\/a>\uc5d0\uc11c \ud655\uc778\ud560 \uc218 
\uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":332,"featured_media":45471,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"2","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"blog-category":[320,325],"blog-tag":[],"translation_priority":[]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"62715,62740,62708","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"blog-category":[320,325],"blog-tag":[],"class_list":["post-55145","blog","type-blog","status-publish","has-post-thumbnail","hentry","blog-category-secops-security","blog-category-cloud-siem"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/blog\/55145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/users\/332"}],"version-history":[{"count":1,"href":"https:\/\/www.sumologic.com\
/ko\/wp-json\/wp\/v2\/blog\/55145\/revisions"}],"predecessor-version":[{"id":55146,"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/blog\/55145\/revisions\/55146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/media\/45471"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/media?parent=55145"}],"wp:term":[{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/blog-category?post=55145"},{"taxonomy":"blog-tag","embeddable":true,"href":"https:\/\/www.sumologic.com\/ko\/wp-json\/wp\/v2\/blog-tag?post=55145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}