...
- Within ONAP, both containers and infrastructure generate raw data that is of security concern.
  - Containers (xNFs)
  - Infrastructure (Docker and K8S)
- There is a set of logs that both Docker and K8S generate that relate to security monitoring.
  - These are documented here: https://wiki.onap.org/download/attachments/103419713/Logging%20-%20ATTACK%20to%20SECCOM_v3.pptx?version=1&modificationDate=1622560207000&api=v2
The requirements below refer to the ONAP (Application and Infrastructure) columns.
Proposed Security Event Generation Requirements
[CON-LOG-REQ-1] The container and container application MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege. [Reference: R-54520]
...
[CON-LOG-REQ-6] The container and container application MUST log the addition and deletion of files in the container.
Proposed Required Metadata for Security Events
[CON-LOG-REQ-7] The container and container application MUST log the field “date/time” in the security audit logs. [Reference: R-97445]
...