adammontville / cis-controls-71-measures


Subcontrol 6.5 #79

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Ensure that appropriate [either delete this or define it] logs are being aggregated to a central log management system for analysis and review.

Measures

M1 = size of logs aggregated to central log management system
M2 = Size of total required/appropriate logs

Metrics

Coverage(Quality Measure)[0-1] = M1 / M2

apiperCIS commented 5 years ago

Inputs

1) List of logs designated to be aggregated in a central log management system. At a minimum, for each log, this should include the originating system, type of log, and any other information needed to properly identify the log.
2) Approved configuration(s) for the central log management system and originating systems to ensure that each of these designated logs is sent to the central log management system.

Operations

1) For each log in Input 1, check the appropriate configurations for the central log management system and/or the originating system from Input 2 to see if the approved configurations are in place for that log to be aggregated. Use this information to make a list of logs whose corresponding settings are properly configured (M1) and a list of logs whose corresponding settings are not properly configured (M2), noting the deviations from the approved configurations.

Measures

M1: List of logs whose corresponding settings are properly configured for log aggregation
M2: List of logs whose corresponding settings are not properly configured for log aggregation
M3: Count of logs whose corresponding settings are properly configured for aggregation (count of M1)
M4: Total count of logs designated for log aggregation (count of Input 1)

Metrics

Ratio of logs whose corresponding settings are properly configured for log aggregation: M3 / M4
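
The operation in the comment above, worked through as an added Python example (not part of the issue thread or the project's own code). The host names, log types, setting keys (`dest`, `tls`) and the function name `assess` are assumptions, and the sample inventory is constructed.

```python
# Constructed sample data: hosts, log types and setting names are hypothetical.
DESIGNATED = [  # Input 1: logs designated for central aggregation
    ("web01", "nginx-access"),
    ("web01", "auth"),
    ("db01", "postgres"),
    ("dc01", "security-events"),
]
APPROVED = {  # Input 2: approved forwarding settings per designated log
    ("web01", "nginx-access"): {"dest": "logs.example.internal:6514", "tls": True},
    ("web01", "auth"): {"dest": "logs.example.internal:6514", "tls": True},
    ("db01", "postgres"): {"dest": "logs.example.internal:6514", "tls": True},
    ("dc01", "security-events"): {"dest": "logs.example.internal:6514", "tls": True},
}
OBSERVED = {  # settings actually collected from the originating systems
    ("web01", "nginx-access"): {"dest": "logs.example.internal:6514", "tls": True},
    ("web01", "auth"): {"dest": "logs.example.internal:6514", "tls": True},
    ("db01", "postgres"): {"dest": "logs.example.internal:514", "tls": False},
    # dc01 security-events: no forwarding configured at all
}


def assess(designated, approved, observed):
    """Return (M1, M2, M3, M4, ratio) for the designated logs."""
    m1, m2 = [], []
    for log in designated:
        want = approved.get(log)
        have = observed.get(log, {})
        if want is None:
            # Assumption: a designated log with no approved config is non-compliant.
            m2.append((log, {"approved_config": ("present", "missing")}))
            continue
        # Deviation = any approved setting whose observed value differs or is absent.
        deviations = {k: (v, have.get(k)) for k, v in want.items() if have.get(k) != v}
        if deviations:
            m2.append((log, deviations))
        else:
            m1.append(log)
    m3, m4 = len(m1), len(designated)
    ratio = m3 / m4 if m4 else None  # undefined when nothing is designated
    return m1, m2, m3, m4, ratio


if __name__ == "__main__":
    m1, m2, m3, m4, ratio = assess(DESIGNATED, APPROVED, OBSERVED)
    print(f"M3={m3} M4={m4} ratio={ratio:.2f}")
    for log, dev in m2:
        print("non-compliant:", log, dev)
```

Each M2 entry carries the deviations as `setting: (approved, observed)` pairs, so a log with no forwarding configured shows `None` for every observed value.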

wmunyan commented 5 years ago

Inputs:

Operations:

Measures:

Metrics: