MichaelSides
commented
4 months ago - How is this application hosted? (Self hosted, SAAS, Kubernetes, etc.): SaaS
- If direct to servers, what are their hostnames/operating systems? N/A
- Does the application support logging capabilities? Yes
- Is it log file path based, or module based? API based
- What kind of logs does it generate? e.g. Audit Logs? Audit Logs (Audit Logs, Code Scanning, Secret Scanning, Dependabot) retained for 180 days, Git Logs for 7 days, User Activity Logs upon demand by user (user responsibility): https://github.com/GSA/GitHub-Administration?tab=readme-ov-file#reviewing-the-system-log
- How does the application enable log shipping (e.g. syslog, api)? We prefer to use the elastic agent, which requires the availability of log file paths: GitHub API.......https://www.elastic.co/docs/current/integrations/github. Tech Ops is investigating any and all available options. Q: What are the addresses of the ELK stack if we can figure out how to push the logs directly?
Additional Q: Sandbox or Test instance of ELK that we could start sending data to?
Foot stomp that Mike and Lenia need to be involved in any and all TTS M-21-31 discussions/sessions/anything.
JJediny
At a high level, we are searching for logs that show "who did what, when, and where".
Our objective for this meeting is to either kick off the onboarding and thus scoping process, or to determine a time when we are able to do so.
As a precursor to the scoping process, we have initial questions around how GSA Implementation of GitHub works and its capabilities: