cloud-gov / product

Program-level artifacts, workflow and issues for cloud.gov
Creative Commons Zero v1.0 Universal

Outline options to ship RDS instance logs to customers #1454

Closed pburkholder closed 4 years ago

pburkholder commented 4 years ago

In order to meet customers' security and compliance needs, they may need to receive instance event information either as logs or periodic reports.

This is an urgent need for one current customer already in production.

The scope of this issue is to generate options for meeting the AU-5 needs for one customer.

Options that are scalable and repeatable are good too.

Implementation for either the one-off or the repeatable solution should be delegated to a subsequent ticket.


Security considerations

Solution will need to respect tenant isolation, so this simply won't happen for our shared databases.

Acceptance criteria

pburkholder commented 4 years ago

Tagging @MelissaBraxton @mgwalker @mheadd

JonathanLerner54 commented 4 years ago

Thanks Peter, standing by for a solution from your guys. Much appreciated.

pburkholder commented 4 years ago

I've rescoped this issue to cover what we can do in one week, with one of the outcomes to create the next chunk of work. This doesn't change the overall goal here, but GitHub issues doesn't have a good mechanism for Epics, so scoping this smaller helps keep work moving across our board.

spgreenberg commented 4 years ago

@pburkholder Can you review the option I came up with here and provide feedback? https://docs.google.com/document/d/19v4ykZ5fIPygsHnz3ErcM5tdl6UZM62sGTMdE43XD2Q/edit?usp=sharing

JonathanLerner54 commented 4 years ago

I can't access the document. I just clicked the request access, so standing by.

spgreenberg commented 4 years ago

Hi @JonathanLerner54. In that doc, I outlined a possible solution that includes what I think are viable short and long term options. I cannot share that doc outside of our team given it is in a team folder (at least I don't believe I can). I would also like Peter to review it first as I want to be sure the requirements and intent of the work would be met.

JonathanLerner54 commented 4 years ago

OK, I was asked to review the document, so I’ll stand by while you work the issues out.

Thanks,

JON L


spgreenberg commented 4 years ago

@JonathanLerner54 I realize you can't see the internal doc link above but you should be able to see the issues above (let me know if you can't). In summary, we believe we can ship logs from RDS to S3 and/or Kibana (logs.fr.cloud.gov). There is a good amount of work required to make this happen but it should be possible.

JonathanLerner54 commented 4 years ago

Thanks Steve. Yes, I have been following the progress. So I'll be standing by for more info or seeing the new report.

While you are working the issue, please look into allowing these reports to be forwarded to users' SIEM tools. This will greatly enhance cloud.gov's so that your users can implement a single pane of glass for operations and security situational awareness, reporting and trend analysis.

Regards,

JON L

JonathanLerner54 commented 3 years ago

Please add Matt Reiss to any future development on this, as I am starting my retirement on Dec 01, 2020. Matt's email is: matthew.reiss@usda.gov. Thanks,

JON L