compliantkubernetes-apps
Opensearch dashboard/alert for log reviews
Is your feature request related to a problem? Please describe.
Since we want to make the log review process as simple as possible, we should create an initial dashboard that shows some simple metrics for it, and possibly also add an alert for some simple scenarios.
Describe the solution you'd like
Create a dashboard in OpenSearch that shows metrics for different types of suspicious log entries, for example entries containing "forbidden", "unauthorized", "permission denied", etc.
Also, if it is possible without creating a lot of noise, create an alert that fires on sudden changes in these metrics (or something similar), so that operators are notified of suspicious behavior.
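To make the proposed metrics and the "sudden change" alert concrete, here is an added example (not code from the compliantkubernetes-apps project) that mirrors what the dashboard and alert would compute: it counts log lines matching the suspicious terms per 5-minute bucket and per term, then flags a bucket only when its count is both above a noise floor and several times the previous bucket. The log lines and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Suspicious terms the issue proposes to chart, matched case-insensitively.
SUSPICIOUS_TERMS = ("forbidden", "unauthorized", "permission denied")
TERM_RE = re.compile("|".join(re.escape(t) for t in SUSPICIOUS_TERMS), re.IGNORECASE)

# Constructed sample log lines ("<timestamp> <message>"), not real cluster output.
SAMPLE_LOGS = """\
2024-01-01T10:00:05Z apiserver: forbidden: User "bob" cannot list pods
2024-01-01T10:00:40Z kubelet: pod started
2024-01-01T10:05:10Z apiserver: Unauthorized
2024-01-01T10:10:03Z ingress: permission denied for /admin
2024-01-01T10:10:04Z ingress: permission denied for /admin
2024-01-01T10:10:05Z ingress: permission denied for /admin
2024-01-01T10:10:06Z apiserver: forbidden: User "eve" cannot get secrets
2024-01-01T10:10:07Z apiserver: Unauthorized
2024-01-01T10:10:08Z apiserver: Unauthorized
""".splitlines()


def bucket_suspicious(lines, bucket_minutes=5):
    """Count suspicious lines per time bucket and per term (a date-histogram plus a terms breakdown)."""
    per_bucket, per_term = Counter(), Counter()
    for line in lines:
        ts_str, _, msg = line.partition(" ")
        match = TERM_RE.search(msg)
        if not match:
            continue
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        bucket = ts.replace(second=0, minute=ts.minute - ts.minute % bucket_minutes)
        per_bucket[bucket] += 1
        per_term[match.group(0).lower()] += 1
    return per_bucket, per_term


def sudden_changes(per_bucket, bucket_minutes=5, min_count=5, factor=3.0):
    """Return (bucket, previous_count, count) for buckets that jump sharply.

    min_count is the noise floor: a jump from 0 to 2 is ignored, so quiet clusters
    do not page operators. Empty buckets between the first and last are treated as 0.
    """
    alerts, prev = [], 0
    step = timedelta(minutes=bucket_minutes)
    current, last = min(per_bucket), max(per_bucket)
    while current <= last:
        count = per_bucket.get(current, 0)
        if count >= min_count and count >= factor * max(prev, 1):
            alerts.append((current, prev, count))
        prev, current = count, current + step
    return alerts
```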
Relevant document for this issue: https://elastisys.io/compliantkubernetes/ciso-guide/log-review/#how-to-do-log-review
Definition of done:
- There exists a dashboard that shows some relevant metrics for suspicious logs
- [Optional] There are some alerts that can notify operators about suspicious logs
High bucket until we have a few log reviews done!!