Hey Shawn,

Thanks again for your interest.

The overview / description of the intention of my work is based on an
open source metric-based monitoring tool called
Prometheus (https://prometheus.io).

Metrics that I am already gathering have to do with response
times, throughput, availability, accessibility etc. I have also declared
metrics based on authorization where I report whenever I have successful
or failed authentications.

Giving a second thought to the implementation of security metrics, I have
decided to follow a more generic way and define metrics like: Mean Time
of Incident Recovery, percent of software components without known
severe vulnerabilities etc.

As I am in the interest of a developing monitoring solution (which
implements aggregations and computation formulas on a seconds step) I
assume that values like the breaching of accessing (in the fortress
application/service in our situation) or the improper modification of
objects should be given by a third party security system tool. That
said, having this information I could perform the right aggregations
that I have defined.

My role is to observe and give statistics about how the system is safe
(in case of the security property (as I deal with performance also)) and
not to develop let's say an intrusion detection system.

I would be glad to hear your opinion about it.

My best regards,
Damian

On 7/28/2016 9:01 PM, Shawn McKinney wrote:
> On Jul 28, 2016, at 10:51 AM, Damianos Metallidis <[email protected]> wrote:
>> In reality I am searching for a way to monitor authentication and access on
>> services/application that could be widely adaptable. Authentication for me was
>> just a simple check so I am fine with it and how to report it.
>> The access monitoring control has put me into thoughts cause I need to define
>> metric/s of that type (being widely adaptable), but the thing is that the
>> community is full of services and applications and I am not sure how such a
>> metric is of importance in a monitoring system.
>> On the other hand perhaps I could refer for accessing only for RBAC
>> services/application starting from fortress.
>
> Interesting idea but leads to so many questions. Is there an overview /
> description of this activity that can provide more details?
>
> I ask because, as I’m sure you know, there are so many ways to apply
> authorization inside of applications. Declarative or programmatic APIs.
> Coarse, medium and fine-grained controls. And what types of metrics are you
> trying to gather here? Details about the subject, resource being targeted,
> date/time, or response times / throughput? What are the requirements for
> gathering the data - performance monitoring or security audit?
>
> Maybe if I understood a little better I could point you in the right direction.
>
> Thanks,
> Shawn
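
The aggregations named in this thread (authentication results, Mean Time of Incident Recovery, percent of components without known severe vulnerabilities), sketched as an added example that is not code from either correspondent or from the Fortress or Prometheus projects. The metric names, incident records, component inventory and event list are constructed assumptions; the output follows the Prometheus text exposition format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample input, standing in for a third-party security tool's feed.
INCIDENTS = [  # (detected, recovered) as ISO timestamps; None = not yet recovered
    ("2016-07-01T10:00:00", "2016-07-01T12:00:00"),
    ("2016-07-10T08:30:00", "2016-07-10T09:30:00"),
    ("2016-07-20T22:00:00", None),
]
COMPONENTS = {"core": 0, "web": 2, "rest": 0, "realm": 0}  # name -> known severe vulns
AUTH_EVENTS = ["success", "failure", "success", "success", "failure"]

def mean_time_to_recovery(incidents):
    """Mean seconds from detection to recovery over closed incidents only."""
    durations = [
        (datetime.fromisoformat(rec) - datetime.fromisoformat(det)).total_seconds()
        for det, rec in incidents if rec is not None
    ]
    return sum(durations) / len(durations) if durations else None

def percent_without_severe_vulns(components):
    """Share of components whose known severe vulnerability count is zero."""
    if not components:
        return None
    clean = sum(1 for count in components.values() if count == 0)
    return 100.0 * clean / len(components)

def render(incidents, components, auth_events):
    """Render the aggregates in the Prometheus text exposition format."""
    out = []
    def emit(name, mtype, help_text, samples):
        samples = [(labels, v) for labels, v in samples if v is not None]
        if not samples:  # no data: omit the metric instead of exporting a misleading 0
            return
        out.append(f"# HELP {name} {help_text}")
        out.append(f"# TYPE {name} {mtype}")
        out.extend(f"{name}{labels} {v:g}" for labels, v in samples)
    counts = Counter(auth_events)
    emit("auth_attempts_total", "counter", "Authentication attempts by result.",
         [(f'{{result="{r}"}}', counts[r]) for r in sorted(counts)])
    emit("security_incident_recovery_seconds_mean", "gauge",
         "Mean time of incident recovery over closed incidents.",
         [("", mean_time_to_recovery(incidents))])
    emit("security_components_without_severe_vulns_percent", "gauge",
         "Percent of components without known severe vulnerabilities.",
         [("", percent_without_severe_vulns(components))])
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render(INCIDENTS, COMPONENTS, AUTH_EVENTS), end="")
```

Open incidents are left out of the mean, so the gauge understates recovery time while a long-running incident is still unresolved; a separate open-incident count would cover that gap.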