Add a way to demonstrate insufficient logging and monitoring vulnerabilities in crAPI (ISSUE 123)

[drraghavendra]

Description

Please include a summary of the change, motivation and context.

ISSUE 123 Add a way to demonstrate insufficient logging and monitoring vulnerabilities in crAPI

[drraghavendra]

Consider the Log monioring.docx file only for this Pull Request @piyushroshan @JBAhire

[drraghavendra]

Log monitoring can be split up into three parts:

1)Log collection:  this includes log enrichment like parsing of logs, converting of logs, filtering of logs, etc.
2)Log management: keeping data retention policies, keeping shards/indexes for better performance, implementing access control as logs contain sensitive in formation, etc.
3)Log monitoring/analysis: visualization, alerting, reporting.

[JBAhire]

@drraghavendra , can you please check in deployments manifests in separate subdirectory inside deployment directory instead of checking in zip files. Zip files are hard to review and consume.

[drraghavendra]

please see the tick marked in checkbox document only.

[JBAhire]

@drraghavendra , can you please explain the changes ones? I see 3 files: deployments zip, grafana prometheus zip, and a monitoring doc.

Can you please unzip the deployment and grafana Prometheus files and check them in the repository?

And how are you demoing insufficient logging vulnerability with current changes?

@piyushroshan , can you also check this one?

[piyushroshan]

Closing this since it doesn't match contribution guidelines and has no activity since last review