“As a blue team member, I want to authenticate incoming log data so that I know what source it came from, and whether restriction is required”
Background:
Why do we want it?
To maintain the integrity and confidentiality of the system.
Who is this for?
Blue team members and admins.
Do we have data to support it?
If log data is accepted from a malicious or spoofed source, an attacker can inject or tamper with records, which compromises the speed, integrity and overall security of the system.
Solution/Requirements:
IP Whitelisting
SSH Key Pairs
Design resources (if any)
Dependencies:
AWS Management Console to manually change/add rules to the security group
Encryption libraries
Any external APIs that need to be integrated
List of Tasks
Determine what makes log data valid
Decide on an authentication mechanism
Establish a log collection server (IP whitelisting will probably be implemented at this level)
Implement an encryption method to send data securely
Perform tests that authenticate log data, comparing records from valid sources against records from invalid ones
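The following is an added example, not code from this story or the project, showing what the collector-side checks for the tasks above could look like in Go. It assumes the collector keeps one entry per forwarding host with the CIDR it may connect from (mirroring the security-group rule) and the public half of an Ed25519 key pair (the same algorithm behind ssh-ed25519 keys); the forwarder signs each log line with its private key. The Source, Collector, SignRecord, Accept and AuthLatency names and the sample sshd line are constructed for the example. Encryption in transit (e.g. a TLS or SSH channel) is a separate task and is not shown here.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"net/netip"
	"strings"
	"time"
)

// Source is one host allowed to send logs: the CIDR it may connect from (the
// same rule that goes into the AWS security group) and the public half of its
// signing key pair. The private half never leaves the forwarder. (Assumed layout.)
type Source struct {
	Name   string
	Prefix netip.Prefix
	PubKey ed25519.PublicKey
}

// Collector is the receiving side: an IP allowlist plus per-source public keys.
type Collector struct {
	sources []Source
}

func NewCollector(sources []Source) *Collector { return &Collector{sources: sources} }

var (
	ErrNotAllowlisted = errors.New("source IP is not in the allowlist")
	ErrBadSignature   = errors.New("signature does not verify for any source allowed from this IP")
	ErrMalformed      = errors.New("malformed record")
)

// SignRecord is the forwarder side: it signs the raw log line with the host's
// private key and prefixes the base64 signature, giving "<sig> <line>".
func SignRecord(priv ed25519.PrivateKey, line string) string {
	sig := ed25519.Sign(priv, []byte(line))
	return base64.StdEncoding.EncodeToString(sig) + " " + line
}

// Accept validates one wire record arriving from srcIP. The cheap IP check runs
// first so unknown hosts never reach signature verification. It returns the log
// line and the name of the source that was authenticated.
func (c *Collector) Accept(srcIP netip.Addr, record string) (string, string, error) {
	sigB64, line, ok := strings.Cut(record, " ")
	if !ok {
		return "", "", ErrMalformed
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", "", ErrMalformed
	}

	// Step 1: IP allowlist. Several hosts may share one CIDR rule, so collect
	// every source permitted from this address.
	var candidates []Source
	for _, s := range c.sources {
		if s.Prefix.Contains(srcIP) {
			candidates = append(candidates, s)
		}
	}
	if len(candidates) == 0 {
		return "", "", ErrNotAllowlisted
	}

	// Step 2: key-pair check. A spoofed or tampered record fails here even when
	// the source IP is valid, because only the real forwarder holds the key.
	for _, s := range candidates {
		if ed25519.Verify(s.PubKey, []byte(line), sig) {
			return line, s.Name, nil
		}
	}
	return "", "", ErrBadSignature
}

// AuthLatency returns the mean time to authenticate one record over n
// repetitions, for the acceptance criterion on authentication time.
func (c *Collector) AuthLatency(srcIP netip.Addr, record string, n int) time.Duration {
	start := time.Now()
	for i := 0; i < n; i++ {
		c.Accept(srcIP, record)
	}
	return time.Since(start) / time.Duration(n)
}

func main() {
	// Constructed sample: one allowlisted forwarder with a fresh key pair.
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	c := NewCollector([]Source{{Name: "web-01", Prefix: netip.MustParsePrefix("10.0.1.0/24"), PubKey: pub}})
	rec := SignRecord(priv, "sshd[1042]: Accepted publickey for ops from 10.0.1.7 port 51022")

	_, who, err := c.Accept(netip.MustParseAddr("10.0.1.7"), rec)
	fmt.Println("allowlisted IP, valid signature:", who, err)
	_, _, err = c.Accept(netip.MustParseAddr("198.51.100.4"), rec) // outside the security-group rule
	fmt.Println("unknown IP:", err)
	_, _, err = c.Accept(netip.MustParseAddr("10.0.1.7"), strings.Replace(rec, "ops", "root", 1)) // altered in transit
	fmt.Println("tampered line:", err)
	fmt.Println("mean auth time:", c.AuthLatency(netip.MustParseAddr("10.0.1.7"), rec, 1000))
}
```

One caveat a practitioner would add before shipping this: a signature over the bare line proves origin and integrity but not freshness, so a captured record could be replayed from an allowlisted address; signing a timestamp or sequence number along with the line, and rejecting stale values, closes that gap.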
Estimated Timeline
1 week - 3 weeks
Open Questions (if any)
Acceptance Criteria
System must validate the authenticity of incoming log data using key pairs and/or IP restrictions. We also want to measure the time it takes to authenticate and make sure it is acceptable.
Definition of done
Feature is peer-reviewed, tested, and documentation is updated to explain the feature.