Smoothing awkward sentence structure around incident response

Made 'black list' one word
Changed tense to 'recommending strengthening of'
Removed detected and in some cases

Change-Id: Ieff654861cadeb3d355a997a59f4267a38aba401
Closes-Bug: #1342946
parent 5ce4ae8b6c
commit ee4ba77678
|
@ -11,7 +11,7 @@
|
|||
<para>The basics of logging: configuration, setting log level, location of the log files, and how to use and customize logs, as well as how to do centralized collections of logs is well covered in the <link xlink:href="http://docs.openstack.org/ops/"><citetitle>OpenStack Operations Guide</citetitle></link>.</para>
|
||||
<para>Logs are not only valuable for proactive security and continuous compliance activities, but they are also a valuable information source for investigating and responding to incidents.</para>
|
||||
<para>For instance, analyzing the access logs of Identity Service or its replacement authentication system would alert us to failed logins, their frequency, origin IP, whether the events are restricted to select accounts etc. Log analysis supports detection.</para>
|
||||
<para>On detection, further action may be to black list an IP, or recommend strengthening user passwords, or even de-activating a user account if it is deemed dormant.</para>
|
||||
<para>Actions may be taken to mitigate potential malicious activity such as blacklisting an IP address, recommending the strengthening of user passwords, or de-activating a user account if it is deemed dormant.</para>
|
||||
<section xml:id="forensics-and-incident-response-idp60511">
|
||||
<title>Monitoring use cases</title>
|
||||
<para>Monitoring events is more pro-active and provides real-time detection and response. There are several tools to aid in monitoring.</para>
|
||||
|
|
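Review bot: In the rewritten paragraph, "such as blacklisting an IP address, ..." directly follows "potential malicious activity", so the list reads as examples of malicious activity rather than of mitigating actions. The change also drops "On detection", which was the only link back to "Log analysis supports detection." in the paragraph above. Suggest rewording along the lines of "On detection, actions such as blacklisting an IP address, recommending the strengthening of user passwords, or de-activating a user account if it is deemed dormant may be taken to mitigate potential malicious activity." A minor style point in the unchanged context: "pro-active" in the Monitoring use cases paragraph is hyphenated, while the earlier paragraph uses "proactive"; pick one spelling.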