Hi Sanjeewa/Tharindu and all,

I have done some reading on this area and have come up with the doc based on
the guidelines.
Following is the summary based on my reading.

GDPR does not directly mention recommendations related to logging and
monitoring. However, based on various points given under the regulations, we
could derive some of the important guidelines that need to be followed
while doing audit logging. Most of OWASP's guidelines for logging and
monitoring agree with the logging and monitoring requirements of GDPR.
Following are some of the most important points while doing the auditing.

   1. Audit logs should have the details of modification and retrieval
   tasks done on personal data. We may have different log levels for this. For
   modification, we could give higher severity and for retrieval, we could
   give lower severity.
   2. Each audit log should include who, where, whom and what.

Based on this, following are the most important improvements that need to be
included.

   - Need to introduce logs for all modification and viewing purposes.
   Importantly, we need to log all the activities related to users who
   have administrator privileges.
   - Need to decide on introducing different severity levels for audit logs.
   - Make sure that each log entry includes who, where, why and what.

As a starting point, I will be investigating the feasibility of improving the
current UserAuditLogger to accommodate all these improvements. Appreciate
your suggestions on this.

[1] https://docs.google.com/document/d/1hVewKDQ_-vhnkYX1ChC6lIBoEfuC-E2r43Tbd6eZL4g/edit?usp=sharing

Thanks,
Regards,
Megala

On Wed, Mar 14, 2018 at 9:35 AM, Sanjeewa Malalgoda <[email protected]>
wrote:

> There are some recommendations related to GDPR and it would be great if we
> can search a little bit. Then we can figure out what we need to do
> additionally to support GDPR requirements. Logging access to personal data is
> something everyone discusses these days. As recommended, every read operation
> on a personal data record should be logged, so that the user/admin knows who
> accessed what and for what purpose.
>
> Sagara, Ruwan may provide better guidance.
>
> Thanks,
> sanjeewa.
>
> On Wed, Mar 14, 2018 at 9:26 AM, Megala Uthayakumar <[email protected]>
> wrote:
>
>> Hi Tharindu,
>>
>> Thanks for the response. I think we could define a new format, given that
>> it improves the search based on logs. I will go through provided docs.
>>
>> Thanks.
>>
>> Regards,
>> Megala
>>
>> On Tue, Mar 13, 2018 at 5:19 PM, Tharindu Edirisinghe <[email protected]>
>> wrote:
>>
>>> Hi Megala,
>>>
>>> For improving the search friendliness, are you defining a new format for
>>> the audit log entry?
>>>
>>> Currently we have the following format.
>>>
>>> <Initiator> | <Action> | <Target> | <Data> | <Result>
>>>
>>> Eg: INFO {AUDIT_LOG}-  Initiator : [email protected] | Action : Add
>>> User | Target : newuser | Data : { Roles : } | Result : Success
>>>
>>> In the OWASP Top 10 list of vulnerabilities for 2017 [1], "Logging &
>>> Monitoring" is newly introduced due to its importance.
>>>
>>> You can refer [2] for more information on this and accommodate the
>>> recommendations in your improvements.
>>>
>>> [1] https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf
>>> [2] https://www.owasp.org/index.php/Logging_Cheat_Sheet
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Tue, Mar 13, 2018 at 4:03 PM, Megala Uthayakumar <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I am working on improving audit logs related to user management
>>>> tasks. Currently we have audit logs up to some extent, however they could be
>>>> further improved. So in this improvement I will be focusing on the following tasks:
>>>>
>>>>    1. Modifying the current audit logs, so that they will give better
>>>>    information regarding the user management tasks done by a user.
>>>>    2. Focusing on search-friendly logs, where a search based on a
>>>>    regex will return the relevant results expected by the server admin.
>>>>    3. Currently we have not implemented some methods
>>>>    from AbstractUserOperationEventListener in UserMgtAuditLogger [1],
>>>>    the event listener for logging audit logs related to user management. So
>>>>    I will be focusing on implementing the other relevant methods to add
>>>>    meaningful audit logs.
>>>>    4. Focusing on solving the already reported issues related to
>>>>    user-mgt audit logs [2].
>>>>
>>>> I have created a user story doc for this improvement [3]. Appreciate
>>>> your comments and suggestions on this to further improve the audit logs
>>>> related to user management.
>>>>
>>>> [1] https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/user-mgt/org.wso2.carbon.user.mgt/src/main/java/org/wso2/carbon/user/mgt/listeners/UserMgtAuditLogger.java
>>>> [2] https://github.com/wso2/product-is/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+audit
>>>> [3] https://docs.google.com/document/d/1Ls0VuLsJaQtQAPgR3NkwtrcbFUvVZuPW_gXA7bV5mmo/edit?usp=sharing
>>>>
>>>> Thanks.
>>>>
>>>> Regards,
>>>> Megala
>>>> --
>>>> Megala Uthayakumar
>>>>
>>>> Senior Software Engineer
>>>> Mobile : 0779967122
>>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>> --
>> Megala Uthayakumar
>>
>> Senior Software Engineer
>> Mobile : 0779967122
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
>
> blog : http://sanjeewamalalgoda.blogspot.com/
>
>


-- 
Megala Uthayakumar

Senior Software Engineer
Mobile : 0779967122

Attachment: Logging guidlines based on OWASP and GDRP.pdf
Description: Adobe PDF document

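As an added illustration (not code from this thread, nor from the WSO2 UserMgtAuditLogger), the following Python parses the current `{AUDIT_LOG}` entry format quoted above, adds the proposed where/why fields and a severity split between modification and retrieval, and pulls out the modification actions performed by a given (for example administrator) account. The sample lines, the verb lists and the HIGH/LOW severity labels are assumptions made for the demo.

```python
import re

# Constructed sample lines in the current UserMgtAuditLogger format quoted in the thread
# (the second and third lines, including the "Get User Claims" action, are made up).
SAMPLE_LOG = """\
INFO {AUDIT_LOG}-  Initiator : [email protected] | Action : Add User | Target : newuser | Data : { Roles : } | Result : Success
INFO {AUDIT_LOG}-  Initiator : [email protected] | Action : Get User Claims | Target : alice | Data : { } | Result : Success
INFO {AUDIT_LOG}-  Initiator : [email protected] | Action : Delete User | Target : bob | Data : { } | Result : Failed
"""

# One named group per field keeps the entry searchable with a single regex.
AUDIT_RE = re.compile(
    r"\{AUDIT_LOG\}-\s*Initiator : (?P<initiator>[^|]+?) \| Action : (?P<action>[^|]+?) \| "
    r"Target : (?P<target>[^|]+?) \| Data : (?P<data>.*?) \| Result : (?P<result>\S+)"
)

# Assumed retrieval verbs: retrievals get the lower severity, everything else (modifications
# and unknown verbs) the higher one, following the proposal in the thread.
RETRIEVE_VERBS = {"get", "list", "view", "read", "search"}

def classify(action: str) -> str:
    """Return HIGH for modifications of personal data and LOW for retrievals."""
    verb = action.strip().split()[0].lower()
    return "LOW" if verb in RETRIEVE_VERBS else "HIGH"

def parse_entry(line: str):
    """Parse one line of the current format into a dict, or None if it is not an audit entry."""
    m = AUDIT_RE.search(line)
    return {k: v.strip() for k, v in m.groupdict().items()} if m else None

def enrich(entry: dict, where: str, why: str) -> dict:
    """Add the where/why fields and a severity; who (initiator) and what (action) are already there."""
    return {**entry, "where": where, "why": why, "severity": classify(entry["action"])}

def format_entry(e: dict) -> str:
    """Render an enriched entry in a pipe-separated layout that extends the existing one."""
    return (f"{e['severity']} {{AUDIT_LOG}}- Who : {e['initiator']} | Where : {e['where']} | "
            f"Why : {e['why']} | Action : {e['action']} | Target : {e['target']} | "
            f"Data : {e['data']} | Result : {e['result']}")

def modifications_by(initiator: str, log: str = SAMPLE_LOG) -> list:
    """List the modification actions a given account performed, e.g. for admin activity review."""
    entries = (parse_entry(line) for line in log.splitlines())
    return [e["action"] for e in entries
            if e and e["initiator"] == initiator and classify(e["action"]) == "HIGH"]
```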