Hey Shaw,
Just as you said :) Ultimate goal is to produce a report outlining these
statistics.
Fortress plays the role of the software component to be monitored.
Regards,
Damian
On 7/29/2016 3:28 PM, Shawn McKinney wrote:
On Jul 28, 2016, at 4:29 PM, Damianos Metallidis <[email protected]> wrote:
The overview / description of the intention of my work is based on an open
source metric-based monitoring tool called Prometheus (https://prometheus.io).
Metrics that I am already gathering have to do with response times, throughput,
availability, accessibility etc. I have also declared metrics based on
authorization where I report whenever I have successful or failed
authentications.
Giving a second thought to the implementation of security metrics, I have
decided to follow a more generic way and define metrics like: Mean Time of
Incident Recovery, percent of software components without known severe
vulnerabilities etc.
As I am interested in developing a monitoring solution (which implements
aggregations and computation formulas on a seconds step) I assume that values
like the breaching of accessing (in the fortress application/service in our
situation) or the improper modification of objects should be given by a third
party security system tool. That said, having this information I could perform
the right aggregations that I have defined.
My role is to observe and give statistics about how the system is safe (in case
of the security property (as I deal with performance also)) and not to develop
let's say an intrusion detection system.
I would be glad to hear your opinion about this.
Still trying to understand. The goal of your efforts will be a report
outlining these statistics? Or to create / configure another software
component (i.e. prometheus), to be capable of producing these data points,
about other products, such as fortress?
Thanks,
Shawn