
Activity Description

The goal of this activity is to develop a set of security requirements and security best practices, and to define a realistic plan to bring consistent logging across ONAP in support of security analytics.

Scope of Activity

In an effort to scope the activity, the following table was developed.

...


The matrix below is organized by log lifecycle across ONAP components and services. The components and services are further broken down by application, container and infrastructure.

a representation of the log management categories (lifecycle) in relation to the two categories of run-time logs (logs of ONAP events, logs of events from services orchestrated by ONAP).


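Phase 1 (ONAP Based Events): ONAP Components (e.g., DCAE, SDC, etc.)
Phase 2 (events from services orchestrated by ONAP): Services (xNF, xApps)

|  | Lifecycle | Phase 1: Application | Phase 1: Container (k8s and Docker) | Phase 1: Infrastructure | Phase 2: Application | Phase 2: Container | Phase 2: Infrastructure |
|---|---|---|---|---|---|---|---|
| How they are generated | Generation | X | X |  |  |  |  |
| How they are made available | Collection | X | X |  |  |  |  |
|  | Monitoring |  |  |  |  |  |  |
|  | Alerting |  |  |  |  |  |  |
|  | Response | P | P |  |  |  |  |
|  |  | X | X |  |  |  |  |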

Phase 1 will focus on logs of ONAP events.

Phase 2 will focus on logs of events from services orchestrated by ONAP.


Key

X: Indicates what is in-scope for ONAP

...

"'System/infrastructure logging' refers to the separate/related set of logs produced by software components not developed for ONAP (e.g. DBMS, application container, web servers, 'middle boxes', JVM, OS, hypervisor, etc.) that are used in the implementation of these components." (See reference #4).

Scope

...

Phase 1 will focus on logs of ONAP events.

Phase 2 will focus on logs of events from services orchestrated by ONAP.

Notes

At a high level, there are 5 broad categories with regard to Security Event Management. (Or is this a Security Event Lifecycle?)

...