openstack-manuals/doc/security-guide/ch059_case-studies-monitoring-logging.xml
Rhys Oxenham 003980f9f0 Modify the Case Study name to represent content
The case studies in the Security Guide are all provided with
a basic chapter title of "Case Study". There's no clarity as
to which chapter they represent. For readability and usability
this should be updated so that both the index and document
content are accurate.

Change-Id: Id27f8512c26189ce9e2edbf6f605692e581bcddc
Closes-Bug: 1248918
2013-12-16 00:02:24 +00:00


<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch059_case-studies-monitoring-logging"><?dbhtml stop-chunking?>
<title>Case Studies: Monitoring and Logging</title>
<para>In this case study we discuss how Alice and Bob would address monitoring and logging in a public versus a private cloud. In both instances, time synchronization and a centralized store of logs are extremely important for properly assessing and troubleshooting anomalies. Just collecting logs is not very useful; a robust monitoring system must be built on top of them to generate actionable events.</para>
<section xml:id="ch059_case-studies-monitoring-logging-idp194928">
<title>Alice's Private Cloud</title>
<para>In the private cloud, Alice has a better understanding of the tenants' requirements and can accordingly add appropriate oversight and compliance to monitoring and logging. Alice should identify critical services and data, and ensure that logging is turned on for at least those services and is being aggregated to a central log server. She should start with simple, known use cases and implement correlation and alerting to limit the number of false positives. To implement correlation and alerting, she sends the log data to her organization's existing SIEM tool. Security monitoring should be an ongoing process, and she should continue to define use cases and alerts as she gains a better understanding of the network traffic, activity, and usage over time.</para>
</section>
<section xml:id="ch059_case-studies-monitoring-logging-idm1936">
<title>Bob's Public Cloud</title>
<para>When it comes to logging, as a public cloud provider Bob is interested in logging both for situational awareness and for compliance: the compliance that Bob as a provider is subject to, as well as his ability to provide timely and relevant logs or reports on behalf of his customers for their compliance audits. With that in mind, Bob configures all of his instances, nodes, and infrastructure devices to perform time synchronization with an external, known-good time source. Additionally, Bob's team has built a Django-based web application for his customers to perform self-service log retrieval from Bob's SIEM tool. Bob also uses this SIEM tool, along with a robust set of alerts and integration with his CMDB, to provide operational awareness to both customers and cloud administrators.</para>
</section>
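The two ideas both case studies rest on, a central log store whose hosts keep synchronized time (Bob) and a simple correlation rule that turns raw log lines into a small number of actionable alerts (Alice), can be shown with a few lines of Python run on the central log server. The example below is added here and is not part of the OpenStack Security Guide or of any OpenStack project; the log format (modelled loosely on oslo.log output), the host names, the IP addresses, the thresholds, and the function names are all constructed for illustration.

```python
"""Added example, not part of the OpenStack Security Guide.

Two checks a central log server can run over aggregated records:
  1. clock_skew: per-host difference between the collector's receipt time and
     the timestamp inside the log line, to confirm time synchronization works;
  2. failed_auth_alerts: a sliding-window correlation rule that emits one
     alert per source address instead of one event per failed login.
The log format, hosts, addresses and thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "timestamp LEVEL logger [-] message"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) ([A-Z]+) (\S+) \[-\] (.*)$"
)
FAIL_RE = re.compile(r"Authentication failed for user (\S+) from (\S+)")

# Constructed sample: (receipt time at the collector, sending host, raw line).
# compute-7's clock is ten minutes behind the collector; controller-1 is in sync.
SAMPLE_RECORDS = [
    ("2013-12-16 00:00:05.000", "controller-1", "2013-12-16 00:00:04.100 INFO keystone.token [-] Token issued for user bob"),
    ("2013-12-16 00:01:01.000", "controller-1", "2013-12-16 00:01:00.200 WARNING keystone.auth [-] Authentication failed for user admin from 198.51.100.7"),
    ("2013-12-16 00:01:31.000", "controller-1", "2013-12-16 00:01:30.400 WARNING keystone.auth [-] Authentication failed for user admin from 198.51.100.7"),
    ("2013-12-16 00:02:01.000", "controller-1", "2013-12-16 00:02:00.900 WARNING keystone.auth [-] Authentication failed for user root from 198.51.100.7"),
    ("2013-12-16 00:02:31.000", "controller-1", "2013-12-16 00:02:30.000 WARNING keystone.auth [-] Authentication failed for user alice from 203.0.113.5"),
    ("2013-12-16 00:02:41.000", "controller-1", "2013-12-16 00:02:40.100 WARNING keystone.auth [-] Authentication failed for user admin from 198.51.100.7"),
    ("2013-12-16 00:03:11.000", "controller-1", "2013-12-16 00:03:10.300 WARNING keystone.auth [-] Authentication failed for user nova from 198.51.100.7"),
    ("2013-12-16 00:03:20.000", "compute-7", "2013-12-15 23:53:19.500 INFO nova.compute.manager [-] Instance spawned successfully"),
    ("2013-12-16 00:03:25.000", "compute-7", "2013-12-15 23:53:24.700 INFO nova.compute.manager [-] Instance spawned successfully"),
    ("2013-12-16 00:03:30.000", "compute-7", "this line is not in the expected format"),
]


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def parse_record(record):
    """Turn one collector record into an event dict, or None if unparseable."""
    received_at, host, line = record
    match = LINE_RE.match(line)
    if match is None:
        return None
    event_ts, level, logger, msg = match.groups()
    return {"received": parse_ts(received_at), "host": host,
            "event": parse_ts(event_ts), "level": level, "logger": logger, "msg": msg}


def load(records):
    """Parse all records; unparseable lines are dropped here (a production
    pipeline would count them, since a jump in unparseable lines is itself
    a useful alert)."""
    return [e for e in (parse_record(r) for r in records) if e is not None]


def clock_skew(events, max_skew_seconds=30.0):
    """Per host, the median of (collector receipt time - event timestamp).
    Transport delay adds a fraction of a second; a large positive or negative
    median means the host's clock has drifted and its events cannot be
    correlated reliably with other hosts' events."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append((e["received"] - e["event"]).total_seconds())
    report = {}
    for host, deltas in by_host.items():
        deltas.sort()
        median = deltas[len(deltas) // 2]
        report[host] = {"skew_seconds": median,
                        "out_of_sync": abs(median) > max_skew_seconds}
    return report


def failed_auth_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window rule: raise one alert per source address once
    `threshold` or more authentication failures fall inside `window`.
    A single failed login is noise; the rule only fires on the pattern.
    It orders events by their own timestamps, which is why clock_skew matters."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["event"]):
        m = FAIL_RE.search(e["msg"])
        if m is None:
            continue
        failures[m.group(2)].append((e["event"], m.group(1), e["host"]))
    alerts = []
    for src, hits in failures.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1           # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "count": end - start + 1,
                               "first": hits[start][0], "last": hits[end][0],
                               "users": sorted({u for _, u, _ in hits[start:end + 1]})})
                break                # one alert per source, not one per line
    return alerts


if __name__ == "__main__":
    evs = load(SAMPLE_RECORDS)
    print("clock skew:", clock_skew(evs))
    print("alerts:", failed_auth_alerts(evs))
```

Run stand-alone, the skew check singles out compute-7 (about 600 seconds behind the collector) while controller-1 sits under a second, and the correlation rule yields exactly one alert, for the address with five failures inside the window, while the single failure from the other address produces nothing. The same two checks are the "simple and known use cases" Alice starts with, and the skew report is how Bob can verify, from the logs themselves, that the time synchronization he configured is actually in effect on every node.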
</chapter>