# Logging & Monitoring Platform

## Description
The Logging & Monitoring Platform collects, aggregates, and analyzes system, network, and application logs within the Scheol Lab environment. It supports security monitoring, incident detection, and operational visibility across infrastructure and services.
## Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | PLT-LGM-01 |
| CI Type | Platform |
| Asset Name | Logging & Monitoring Platform |
| Asset Category | Security Monitoring |
| Owner | Security Role (Sec) |
| Status | Planned |
| Location | Proxmox VM / Container |
| Primary Function | Centralized logging, alerting, and monitoring |
## Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Platform | Proxmox Virtualization Platform | Planned |
| Platform | Network Security Platform | Planned |
| Information | Log Data | Planned |
| Platform | Identity Management Platform | Planned |
## Relationships
| Relationship | Target CI |
|---|---|
| Monitors | Proxmox Host and all deployed services |
| Collects data from | Network Security Platform, Automation Platform, Identity Management Platform |
| Supports | Risk detection, security dashboards, alerts |
| Depends on | Identity Management Platform for access control |
## Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟨 Medium |
| Integrity | 🟥 High |
| Availability | 🟥 High |
Criticality score: 🟥 High
Rationale:
- Integrity is critical because tampered logs could hide malicious activity.
- Availability is critical for timely detection and response.
- Confidentiality is medium: log data may contain sensitive information.
## Responsibilities
| Role | Responsibility |
|---|---|
| Security Role (Sec) | Deploy, configure, and maintain logging and monitoring tools |
| Operations Role (Ops) | Ensure proper data collection from infrastructure and services |
| Development Role (Dev) | Integrate applications with monitoring and alerting mechanisms |
## Security Controls (High-Level)
- Access control for monitoring interfaces
- Log integrity protection (hashing, signing)
- Alerting for suspicious events
- Network segmentation to protect log servers
- Regular review and audit of collected logs
## Security Considerations
Main risks associated with this asset include:
- Tampering or deletion of logs
- Unauthorized access to monitoring dashboards
- Misconfiguration leading to missed alerts or false positives
- Performance degradation impacting data collection
Mitigation measures:
- Restrict access via RBAC and MFA
- Implement log integrity checks
- Regularly review alert rules and dashboard accuracy
- Isolate monitoring infrastructure from public-facing services
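As an added illustration of the "log integrity protection (hashing, signing)" control and the "implement log integrity checks" mitigation listed above (example code, not part of the Scheol Lab platform), the following keyed hash chain links each log record to the one before it, so that modifying or deleting a record breaks every later link; the key, the sample records and the head-anchor check are constructed for this demo.

```python
import hmac
import hashlib

# Constructed sample log records for the demo (not real platform data).
SAMPLE_RECORDS = [
    "2024-01-01T10:00:00Z sshd[812]: Accepted publickey for ops from 10.0.0.5",
    "2024-01-01T10:00:07Z sudo: ops : COMMAND=/usr/bin/systemctl restart rsyslog",
    "2024-01-01T10:00:09Z sshd[812]: Disconnected from user ops 10.0.0.5",
]

# Hypothetical chain key; it belongs on the central log server, never on the
# hosts that emit the logs, otherwise a compromised host could re-sign history.
CHAIN_KEY = b"demo-key-not-for-production"
GENESIS = b"\x00" * 32  # fixed starting value for the first link


def build_chain(records, key=CHAIN_KEY):
    """Return [(record, tag_hex)] where tag = HMAC(key, previous_tag || record)."""
    prev = GENESIS
    chain = []
    for rec in records:
        tag = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        chain.append((rec, tag.hex()))
        prev = tag
    return chain


def chain_head(chain):
    """Tag of the last record; store it off-box so tail truncation is detectable."""
    return chain[-1][1] if chain else GENESIS.hex()


def verify_chain(chain, key=CHAIN_KEY, expected_head=None):
    """Recompute every link. Returns (True, -1) when intact, otherwise
    (False, index) for the first record whose link no longer matches.
    If expected_head is given, a chain that is valid but shorter than the
    recorded head (records deleted from the end) fails at index len(chain)."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(chain):
        expected = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return False, i
        prev = expected
    if expected_head is not None and not hmac.compare_digest(prev, bytes.fromhex(expected_head)):
        return False, len(chain)
    return True, -1
```

Without the stored head, deleting only the newest records leaves a chain that still verifies, which is why the head must be anchored outside the log store (for example, pushed periodically to the monitoring platform's own records).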
Methodological References:
- ISO 27001 - Control 8.3 Information access restriction; Control 8.15 Logging; Control 8.16 Monitoring activities.
- NIST CSF - DE.CM Continuous Monitoring; PR.PT Protective Technology.
- EBIOS RM - Logging and monitoring platforms as detection and investigation assets.