
API Logging

Open shivaccuknox opened this issue 1 year ago • 0 comments

This work item needs review from the NSF team, as jaehyun is also working on eBPF-based monitoring of HTTP:

The API Logging Intent can detect the techniques below:

  • Unauthorized access to Network Exposure Function (NEF) via token fraud: DS0015: Logs of connection attempts to NEF
  • Trusted Relationships: DS0015: Monitor logs for unexpected actions taken by any delegated administrator accounts (WebUI)

One possible approach is:

  • This intent uses the KubeArmor adapter to trigger KubeArmor to initiate API logging.
  • API logging can be configured on an ip:port number. This parameter will have to be supplied by the intent: NEF endpoint, WebUI endpoints.
  • The logs can be streamed to SentryFlow

shivaccuknox, May 21 '24 12:05