Logging
The goal of this page is to describe how S2C deals with logging.
Microsoft Azure
There are different types of logging in place for MSTC.
Auditing log - not deleted
Web log - not deleted
Network log - ???
System Event log - 3 months
All actions that change data, and some important view actions, are logged in the system auditing log. Every detail changed by the action is logged together with information about the user who performed the action, the IP address and the exact date and time.
One of the improvement points planned for the second part of 2022 is to query the logs and send automated daily reports based on the findings. This solution will be based on Application Insights (for Azure resources) and CloudWatch (for the AWS resources).
Amazon Web Services
Not supported??
The solution supports audit trails of changes, which are secured from unauthorized modification, available through a technical interface to FC (SIEM integration), and contain information on any security-related event so that forensic investigation can be done and security events detected.
To be processed:
Logs are made and reviewed of any login attempts to an application, systems and network elements as well as for actions or events that require an audit trail. (AGREED, login attempts are registered and monitored on a daily basis; logins are reviewed on a monthly basis as part of the monthly infrastructure review process).
In case of a functional or system account used by (a) natural person(s), additionally recording by responsible management of the person and time of usage is mandatory. (NOT AGREED - Use of generic/functional accounts ends Q1-2021)
Log data must structurally be analyzed, at least daily. When suspicious events are detected, this should be treated as a security incident. (NOT AGREED, log data is monitored daily, but not analyzed on a daily basis. The nature of the suspicious events determines whether it is treated as a security incident).
KPN CERT can enforce additional log registration following security research. (We would like to understand this item better before we agree). MORE INFO FROM CISO NEEDED
Logging must be carried out in such a way that the log data can be used as evidence in possible court cases. (AGREED)
This means that the integrity and availability of this data must be guaranteed and manipulation of log data is not possible. (AGREED, Negometrix has measures in place to minimize the chances of log data being manipulated. We cannot give a 100% guarantee this will not be the case).