Deployed 69114c1 with MkDocs version: 1.6.1

equinor · Nov 13, 2024 · 83fa47f · 83fa47f
1 parent e0b7ddb
commit 83fa47f
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 64 deletions.
diff --git a/guidelines/logging-monitoring/index.html b/guidelines/logging-monitoring/index.html
@@ -2773,7 +2773,7 @@ <h1 id="web-application-logging-and-monitoring">Web Application Logging and Moni
 <h2 id="tldr">TL;DR<a class="headerlink" href="#tldr" title="Permanent link">&para;</a></h2>
 <ul>
 <li>Application teams should ensure that logging and monitoring is in place for operational and maintenance purposes</li>
-<li>Security Logging should be logged to it's own <strong>Azure Log Analytics</strong> workspace</li>
+<li>The front-end is a <strong>public client</strong> and the logs from it <strong>cannot be trusted</strong></li>
 <li>Do a <strong>threat model</strong> to see where security logging would benefit you the most</li>
 </ul>
 <h2 id="application-specific-logging-monitoring">Application Specific Logging &amp; Monitoring<a class="headerlink" href="#application-specific-logging-monitoring" title="Permanent link">&para;</a></h2>
@@ -2796,7 +2796,7 @@ <h4 id="examples">Examples<a class="headerlink" href="#examples" title="Permanen
 <li><code>Privileged (admin) access:</code> Some applications may include special permissions for admins. What application admins can do is determined by the application, so misuse of admin credentials is a threat in the scope of the application. Logging accesses and actions performed by admins is a valid mitigation strategy</li>
 </ul>
 <h4 id="where-to-store-security-logs">Where to store security logs<a class="headerlink" href="#where-to-store-security-logs" title="Permanent link">&para;</a></h4>
-<p>We recommend security logs being stored in a Azure Log Analytics workspace separate from your <a href="#maintenance--operational-logging">Maintenance &amp; Operational Logging</a>. This is so it can be easily consumed if you are asked for your security logs.</p>
+<p>It depends on your situation is the "boring answer". If you have a small application, it might be practical to have the security logs with your application logs. If you have a big application, it might be useful to store security logs in a Azure Log Analytics workspace separate from your <a href="#maintenance--operational-logging">Maintenance &amp; Operational Logging</a>. This is so it can be easily consumed if you are asked for your security logs.</p>
 <h3 id="maintenance-operational-logging">Maintenance &amp; Operational Logging<a class="headerlink" href="#maintenance-operational-logging" title="Permanent link">&para;</a></h3>
 <p>The application teams should ensure, that logging and monitoring is in place for operational and maintenance purposes.</p>
 <p>We recommend that teams address and put into place a logging strategy as soon as possible in the software development life cycle. We have experienced that the later logging is addressed the harder it is to put into place.</p>
@@ -2811,20 +2811,27 @@ <h3 id="maintenance-operational-logging">Maintenance &amp; Operational Logging<a
 </div>
 <p>The granularity of logging and frequency of monitoring will depend on the criticality of the application and of the information managed by it.</p>
 <p>Iterative <strong>threat modeling sessions</strong> should be conducted to access the level of logging and monitoring required. These sessions should involve the BSO/TPM as they will be the best equipped to provide insight into the business and security requirements of the application.</p>
+<p>Depending on your selected log strategy, you should consider having <strong>immutable logs</strong>, especially if you are handling confidential data.</p>
 <p><code>Critical or sensitive information, access tokens, secrets, source code, keys, certificates, etc.. are examples of what should never be logged.</code></p>
 <h3 id="personal-identifiable-information-pii-gdpr">Personal Identifiable Information (PII) &amp; GDPR<a class="headerlink" href="#personal-identifiable-information-pii-gdpr" title="Permanent link">&para;</a></h3>
 <p>The team should pay particular attention to minimize to the absolute minimum the collection and storage of any kind of private or personal identifiable information (PII) in the log files.</p>
 <p>We recommend consulting the <a href="https://wiki.equinor.com/wiki/Software:Gdpr_guideline">GDPR - Privacy by Design Guideline</a> for further guidance.</p>
 <h3 id="logging-on-the-back-end-vs-front-end">Logging on the back-end vs front-end<a class="headerlink" href="#logging-on-the-back-end-vs-front-end" title="Permanent link">&para;</a></h3>
 <div class="admonition tip">
 <p class="admonition-title">Tip</p>
-<p>The <strong>back-end</strong> is a <strong>confidential client</strong>, the logs prevenient from it can be trusted.</p>
-<p>The <strong>front-end</strong> is a <strong>public client</strong> as such the logs prevenient from it cannot be trusted.</p>
+<p>The <strong>back-end</strong> is a <strong>confidential client</strong>, the logs presented from it can be trusted.</p>
+<p>The <strong>front-end</strong> is a <strong>public client</strong> as such the logs presented from it cannot be trusted.</p>
 </div>
 <p>Ideally, if <strong>front-end</strong> logging is necessary, a separate logging instance should be set up for both the <strong>back-end</strong> and <strong>front-end</strong>.
 If sharing the same logging instance, we suggest you tag the logs with the source when prevenient from the backend, so it can be easily identified and distinguished which are trusted logs and which are untrusted logs.</p>
 <h3 id="retention-period">Retention Period<a class="headerlink" href="#retention-period" title="Permanent link">&para;</a></h3>
-<p>In accordance to <a href="https://docmap.equinor.com/Docmap/page/doc/dmDocIndex.html?DOCKEYID=1000005127">TR2375 SR133039</a>, if the logs contain personal information they shall be stored for 3 months, other logs shall be stored for 18 months.</p>
+<p>In accordance to <a href="https://docmap.equinor.com/Docmap/page/doc/dmDocIndex.html?DOCKEYID=1000005127">TR2375 SR133039</a>:</p>
+<ul>
+<li>Access logs from solutions containing personal data shall be stored for 3 months</li>
+<li>Logs that enable detection and investigation of incidents shall be stored for 3 months</li>
+<li>Logs are from applications and systems processing confidential information shall be stored for 18 months</li>
+</ul>
+<p>We do recommend setting up auto deletion of logs after they have passed the intended retention period to reduce cost and manual maintenance.</p>
 <h2 id="logging-monitoring-best-practices">Logging &amp; Monitoring Best Practices<a class="headerlink" href="#logging-monitoring-best-practices" title="Permanent link">&para;</a></h2>
 <p>There are some best practices that we recommend teams to keep in mind when implementing logging and monitoring into their applications.</p>
 <h3 id="monitoring-alerting">Monitoring &amp; Alerting<a class="headerlink" href="#monitoring-alerting" title="Permanent link">&para;</a></h3>
@@ -2833,7 +2840,7 @@ <h3 id="monitoring-alerting">Monitoring &amp; Alerting<a class="headerlink" href
 <p class="admonition-title">Info</p>
 <p>Monitoring and alerts should not take most of the time from the team.</p>
 </div>
-<p>Monitoring and alerts can quickly become overwhelming. It can be considered for teams that want to be proactive on identifying issues in the application before their users or it can be a good mitigation strategy for a threat identified during a threat modeling session.</p>
+<p>Monitoring and alerts can quickly become overwhelming. It can be considered for teams that want to be proactive on identifying issues in the application before their users or it can be a good mitigation strategy for a threat identified during a <strong>threat modeling session.</strong></p>
 <h3 id="resources">Resources<a class="headerlink" href="#resources" title="Permanent link">&para;</a></h3>
 <p>Here are some resources on logging and monitoring we can recommend:</p>
 <ul>
@@ -2864,7 +2871,7 @@ <h3 id="resources">Resources<a class="headerlink" href="#resources" title="Perma
     <span class="md-icon" title="Last update">
       <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z"/></svg>
     </span>
-    <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 11, 2024</span>
+    <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 13, 2024</span>
   </span>
 
 

diff --git a/search/search_index.json b/search/search_index.json
diff --git a/sitemap.xml b/sitemap.xml
@@ -2,226 +2,226 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>https://equinor.github.io/appsec/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/about/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/about/privacy/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/authn-authz/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/gh-actions-runners/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/git-github/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/git-signed-commits/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/logging-monitoring/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/postman/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/secret-scanning/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/sharing-secrets/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/guidelines/FAQ/pre-commit-faq/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/learning-material/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/security_requirements/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/security_testing/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/tools/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/resources/stories/meet_the_appsec_team/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/1-new_security_champion/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/2-security_champion_activities/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/3-faq/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/4-learning-platform/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/5-merch/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/6-offboarding/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/7-about/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/8-useful-links/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/events/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/events/2022/1-sc-info-meeting/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/events/2022/sc-kickoff-agenda/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/events/2023/1-sc-meetup-2/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/events/2024/1-sc-meetup-3/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/security-champion/stories/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/2-about-snyk/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/3-snyk_support/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/4-vulnerabilities/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/1-snyk_products/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/2-integrations/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/3-projects/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/4-scan_results/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/5-advanced/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/snyk/curriculum/6-faq/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/resources/threat_modelling/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/resources/zgamified/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/1-about/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/2-next-steps/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/3-cheat-sheet/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-EOP-cardgame/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-explore/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-privacy/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
     <url>
          <loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-remote-tm/</loc>
-         <lastmod>2024-11-11</lastmod>
+         <lastmod>2024-11-13</lastmod>
     </url>
 </urlset>
diff --git a/sitemap.xml.gz b/sitemap.xml.gz