Consider making basic logging part of L1 #1419
Assignees
Labels
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
requirement level
Issue related to requirement levels
V7
Temporary label for grouping logging related issues
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
Comments
jmanico
added
the
_5.0 - draft
|
First - it is hard to set levels, before we have not (re)defined levels. To change level to 1 for logging, we need to get rid of "blackbox pentestable" from level 1. And if we did, then I think 1.7.1 can be level 1 but I'm not that sure about 1.7.2. |
tghosth
added
1) Discussion ongoing
|
I tend to agree given the move towards shaping the levels based on risk. @elarlang to handle this as part of the V7 reorganization. 1.7.2 is definitely implementation requirement. 1.7.1 maybe needs to be part of the logging inventory/documentation requirement. |
Closed
|
Update:
|
elarlang
added
the
4a) Waiting for another
tghosth
added
4b Major-rework
|
I think this is redundant for now since things got moved around. I think we need to cut down L1 as much as possible so not sure logging will make it. I am going to push this to the draft stage. |
tghosth
added
_5.0 - draft
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Why not make these level 1? Basic logging seems critical for all apps.
1.7.1 | Verify that a common logging format and approach is used across the system. (C9) | | ✓ | ✓ | 1009
1.7.2 | Verify that logs are securely transmitted to a preferably remote system for analysis, detection, alerting, and escalation. (C9) | | ✓ | ✓
#DanWasHere
The text was updated successfully, but these errors were encountered: