The goal of this page is to describe how MSTC S2C deals with logging.

Microsoft Azure

...

The solution supports audit trails of changes, which are secured from unauthorized modification, available through a technical interface to FC (SIEM integration), and contain information on any security-related event so that forensic investigation can be done and security events detected.

To be processed:

Logs are made and reviewed of any login attempts to an application, systems and network elements as well as for actions or events that require an audit trail. (AGREED, login attempts are registered and monitored on a daily basis, logins are reviewed on a monthly basis as part of the monthly infrastructure review process).

In case of a functional or system account used by (a) natural person(s), additionally recording by responsible management of the person and time of usage is mandatory. (NOT AGREED - Use of generic/functional accounts ends Q1-2021)

Log data must structurally be analyzed, at least daily. When suspicious events are detected, this should be treated as a security incident. (NOT AGREED, log data is monitored daily, but not analyzed on a daily basis. The nature of the suspicious events determines whether it is treated as a security incident).

KPN CERT can enforce additional log registration following security research. (We would like to understand this item better before we agree). MORE INFO FROM CISO NEEDED

Logging must be carried out in such a way that the log data can be used as evidence in possible court cases. (AGREED)
This means that the integrity and availability of this data must be guaranteed and manipulation of log data is not possible. (AGREED, Negometrix has measures in place to minimize the chances of log data being manipulated. We cannot give a 100% guarantee this will not be the case).