...
- Generation
- Within ONAP, both containers and the infrastructure generate raw data that is of security interest.
- Containers (xNFs)
- There is currently a SECCOM proposal that specifies what type of data should be logged and where it should be logged to; in this case the destination is STDOUT.
- TODO: List STDOUT REQ NUMBER HERE
- That is documented here: https://wiki.onap.org/download/attachments/100895473/2021-02-22_LoggingRequirementEvents_v9.pptx?version=1&modificationDate=1619018452000&api=v2
- Infrastructure (Docker and K8S)
- Docker and Kubernetes (K8S) each generate a set of logs that are relevant to security monitoring.
- That is documented here: https://wiki.onap.org/download/attachments/103419713/Logging%20-%20ATTACK%20to%20SECCOM_v3.pptx?version=1&modificationDate=1622560207000&api=v2
- Collection
- How these logs are to be collected and aggregated is specified in the ONAP Next Generation presentation by Byung.
- ONAP Next Generation Security & Logging Architecture#ONAPLogging
- Older presentation slide deck (see the link above for the latest one): https://wiki.onap.org/download/attachments/103416997/ONAP-Next-Generation-Security-Logging-2021-5-25-v1.pptx?version=1&modificationDate=1621953519000&api=v2
- Analysis
- This function is expected to be out of scope for ONAP. A CSP / MNO will make use of a SIEM; ONAP's role is to provide a means to export security event data. The SIEM is where analytics are stored and applied to the data ingested from ONAP.
- Presentation by Fabian pertaining to Analysis: ONAP Logs Security Managment1.pptx
- Action
- If we expect ONAP to respond to security events in a closed-loop manner, then there needs to be a way for events generated by the SIEM to be ingested back into ONAP.
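The generation and collection stages above can be shown end to end with a small normalizer that takes the two raw sources named on this page (xNF events on container STDOUT, infrastructure logs from Kubernetes) and produces a flat record list ready for export to a SIEM. This is an added example and not ONAP or SECCOM code. It assumes that an xNF writes one JSON object per security event to STDOUT and that the collector sees it wrapped in Docker's json-file log format; that the infrastructure source is a Kubernetes API-server audit log (audit.k8s.io/v1 Event records); and that the flat output schema, the `SENSITIVE_RESOURCES` set and the sample log lines are all constructed for illustration.

```python
"""Normalize xNF STDOUT events and Kubernetes audit records for SIEM export.

Added illustration, not ONAP/SECCOM code. Assumptions (not from the page):
  * xNF security events are JSON objects on STDOUT, delivered inside Docker's
    json-file records: {"log": "...", "stream": "stdout", "time": "..."};
  * infrastructure events are Kubernetes audit records (audit.k8s.io/v1);
  * the flat output schema below stands in for whatever the SIEM expects.
"""
import json
from typing import Dict, List

# Constructed sample: two Docker json-file records. The inner "log" text is what
# the container wrote to STDOUT; only the first line is a structured event.
DOCKER_JSON_LOG = r'''{"log":"{\"event\":\"auth_failure\",\"user\":\"alice\",\"src_ip\":\"10.0.0.7\",\"outcome\":\"failure\"}\n","stream":"stdout","time":"2021-07-20T09:15:01.123456789Z"}
{"log":"GET /healthz 200\n","stream":"stdout","time":"2021-07-20T09:15:02.000000000Z"}
'''

# Constructed sample: two Kubernetes audit records (a denied read of a secret
# and a routine successful pod listing).
K8S_AUDIT_LOG = r'''{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/onap/secrets/db-creds","verb":"get","user":{"username":"system:serviceaccount:onap:so","groups":["system:serviceaccounts"]},"sourceIPs":["10.42.0.5"],"objectRef":{"resource":"secrets","namespace":"onap","name":"db-creds"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2021-07-20T09:15:03.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a2","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/onap/pods","verb":"list","user":{"username":"system:serviceaccount:onap:sdc"},"sourceIPs":["10.42.0.6"],"objectRef":{"resource":"pods","namespace":"onap"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-07-20T09:15:04.000000Z"}
'''

# Assumed list of Kubernetes resources whose access is always worth exporting.
SENSITIVE_RESOURCES = {"secrets", "serviceaccounts", "rolebindings", "clusterrolebindings"}


def parse_container_events(raw: str) -> List[Dict]:
    """Unwrap Docker json-file records and keep STDOUT lines that are JSON
    events. Plain-text lines (health checks, access logs) are dropped."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("stream") != "stdout":
            continue
        try:
            body = json.loads(rec["log"])
        except (json.JSONDecodeError, KeyError):
            continue  # unstructured line, not a security event
        if not isinstance(body, dict) or "event" not in body:
            continue
        events.append({
            "source": "xnf",
            "time": rec["time"],
            "event": body["event"],
            "principal": body.get("user"),
            "src_ip": body.get("src_ip"),
            "outcome": body.get("outcome", "unknown"),
            "resource": None,
        })
    return events


def parse_k8s_audit(raw: str) -> List[Dict]:
    """Flatten audit.k8s.io/v1 Event records (ResponseComplete stage only,
    so each request appears once) into the same schema as xNF events."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("kind") != "Event" or rec.get("stage") != "ResponseComplete":
            continue
        code = rec.get("responseStatus", {}).get("code", 0)
        obj = rec.get("objectRef", {})
        if code in (401, 403):
            outcome = "denied"
        elif code < 400:
            outcome = "success"
        else:
            outcome = "error"
        events.append({
            "source": "k8s-audit",
            "time": rec["requestReceivedTimestamp"],
            "event": f"{rec.get('verb')} {obj.get('resource', '?')}",
            "principal": rec.get("user", {}).get("username"),
            "src_ip": (rec.get("sourceIPs") or [None])[0],
            "outcome": outcome,
            "resource": obj.get("resource"),
        })
    return events


def is_security_relevant(ev: Dict) -> bool:
    """Assumed policy: every structured xNF event is exported; infrastructure
    events are exported when denied or when they touch a sensitive resource."""
    if ev["source"] == "xnf":
        return True
    return ev["outcome"] == "denied" or ev["resource"] in SENSITIVE_RESOURCES


def export_for_siem(docker_raw: str, k8s_raw: str) -> List[Dict]:
    """Collect both sources, filter, and order by time for export."""
    merged = parse_container_events(docker_raw) + parse_k8s_audit(k8s_raw)
    return sorted((e for e in merged if is_security_relevant(e)), key=lambda e: e["time"])


if __name__ == "__main__":
    for ev in export_for_siem(DOCKER_JSON_LOG, K8S_AUDIT_LOG):
        print(json.dumps(ev))  # one NDJSON record per line, as a SIEM forwarder would read it
```

Run as-is it emits two records: the xNF `auth_failure` and the denied `get secrets` from the audit log; the health-check line and the successful pod listing are dropped. The `stage == "ResponseComplete"` filter matters in practice because a Kubernetes audit policy at level `Request` or higher emits `RequestReceived` and `ResponseComplete` records for the same request, which would double-count events in the SIEM.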
Comments from Chakar, paraphrased (7/20/2021 SECCOM meeting)
- We need to disambiguate "Logging" vs "Data Collection".
- Logging from ONAP and Logging from xNF are not the same.
Terms
This is the place where we can standardize our language.
...