Information Gathering -> Monitoring: Defense metrics

Risk and Opportunity

Risk: IDS/IPS systems like packet- or application-firewalls detect and prevent attacks, but it is not known how many attacks have been detected and blocked.
Opportunity: Gathering defense metrics such as the TCP/UDP source addresses makes it possible to infer the geographic origin of a request. Assuming a Kubernetes cluster with an egress-traffic filter (e.g. IP- or domain-based), an alert might be sent out for every violation. For ingress-traffic, alerting might not even be considered.
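As an added illustration of the opportunity described above (this is example code, not part of DSOMM or any referenced tool), the following script turns firewall block/allow events into defense metrics: blocked connections per direction and per source, an approximate source region for blocked ingress traffic, and one alert per blocked egress connection. The key=value log format, the sample lines and the prefix-to-region table are all constructed assumptions; a real deployment would read the actual firewall or network-policy logs and a GeoIP database.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall events in an assumed key=value format
# (addresses are documentation ranges; this is not a real log format).
SAMPLE_LOG = """\
ts=2024-01-01T10:00:00Z dir=ingress action=block src=203.0.113.5 dst=10.0.0.12 dport=22 proto=tcp
ts=2024-01-01T10:00:01Z dir=ingress action=allow src=198.51.100.7 dst=10.0.0.12 dport=443 proto=tcp
ts=2024-01-01T10:00:02Z dir=egress action=block src=10.0.0.12 dst=192.0.2.44 dport=4444 proto=tcp
ts=2024-01-01T10:00:03Z dir=ingress action=block src=203.0.113.5 dst=10.0.0.12 dport=23 proto=tcp
ts=2024-01-01T10:00:04Z dir=egress action=allow src=10.0.0.12 dst=198.51.100.9 dport=443 proto=tcp
"""

# Constructed prefix-to-region table standing in for a GeoIP database (assumption).
GEO_TABLE = {
    "203.0.113.0/24": "region-A",
    "198.51.100.0/24": "region-B",
    "192.0.2.0/24": "region-C",
}


def parse_line(line):
    """Split one 'key=value key=value ...' event into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def lookup_region(ip):
    """Map an address to a region via the constructed prefix table."""
    addr = ipaddress.ip_address(ip)
    for prefix, region in GEO_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return region
    return "unknown"


def compute_metrics(log_text):
    """Aggregate blocked events into counters and egress alerts."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    metrics = {
        "blocked_by_direction": Counter(),   # how many attacks were blocked, per direction
        "blocked_by_source": Counter(),      # repeat offenders by source address
        "blocked_ingress_by_region": Counter(),  # inferred origin of blocked ingress
        "egress_alerts": [],                 # one alert per egress-filter violation
    }
    for ev in events:
        if ev["action"] != "block":
            continue
        metrics["blocked_by_direction"][ev["dir"]] += 1
        metrics["blocked_by_source"][ev["src"]] += 1
        if ev["dir"] == "ingress":
            metrics["blocked_ingress_by_region"][lookup_region(ev["src"])] += 1
        else:
            # Every egress violation is alert-worthy: a workload tried to reach
            # a destination the filter does not permit.
            metrics["egress_alerts"].append(
                f"{ev['ts']} egress violation: {ev['src']} -> "
                f"{ev['dst']}:{ev['dport']} ({lookup_region(ev['dst'])})"
            )
    return metrics


if __name__ == "__main__":
    result = compute_metrics(SAMPLE_LOG)
    print("blocked by direction:", dict(result["blocked_by_direction"]))
    print("blocked ingress by region:", dict(result["blocked_ingress_by_region"]))
    for alert in result["egress_alerts"]:
        print("ALERT:", alert)
```

The counters are what a dashboard would visualize (the "Visualized metrics" dependency below), while the egress alert list is what would be forwarded to an alerting channel; ingress blocks are only counted, matching the note that ingress alerting may not be needed.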

Additional Information

Dependencies: Visualized metrics, Filter outgoing traffic

Usefulness and Requirements of this Activity

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017