Set audit record retention period #4043

Open
theathorn opened this issue Apr 5, 2022 · 3 comments
Labels
- [priority] Medium; compliance [subject] Information and software security; enh [type] New feature or request; infra [subject] Project infrastructure like CI/CD, build and deployment scripts; orange [process] Done by the Azul team

@theathorn

From SSP AU-11 Audit Record Retention:
The organization retains audit records for [FedRAMP Assignment: at least ninety (90) days] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

For CloudTrail logs, it is planned to have the audit record retention set to a minimum of one year.

@github-actions github-actions bot added the orange [process] Done by the Azul team label Apr 5, 2022
@melainalegaspi

@hannes-ucsc : "This is a cross-cutting concern. We will apply the required retention on any CloudWatch log groups we create in the future. Once we are closer to a full implementation of our logging and monitoring architecture, we will review all log groups again in a spike and fix those that need longer retention."

@melainalegaspi melainalegaspi added spike:8 [process] Spike estimate of eight points enh [type] New feature or request infra [subject] Project infrastructure like CI/CD, build and deployment scripts compliance [subject] Information and software security and removed spike:8 [process] Spike estimate of eight points labels May 3, 2022
@hannes-ucsc hannes-ucsc removed the urgent label Dec 8, 2022
@hannes-ucsc hannes-ucsc added the - [priority] Medium label Feb 24, 2023
@nolunwa-ucsc

Planned: review audit log retention across the system and set it to 90 days on CloudWatch and other services where long retention might cause excessive cost (for example CloudTrail) and 1 year for others (for example S3 access logs).

@dsotirho-ucsc
Contributor

CloudWatch logs retention is currently set to 180 days for most logs

```
audit_log_retention_days = 180 # FedRAMP mandates 90 days
```

and 30 days for ElasticSearch error logs

```
verbose_log_retention_days = 30
```
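
The review of log group retention discussed in this thread can be scripted. The following is an added example, not part of the issue and not the project's own code: it classifies log groups, in the shape returned by the CloudWatch Logs DescribeLogGroups API, against the 90-day minimum. The log group names, the `exempt` parameter and the sample data are assumptions made for illustration.

```python
"""Check CloudWatch log group retention against a minimum (added example)."""

FEDRAMP_MIN_DAYS = 90  # AU-11 minimum quoted in the issue


def audit_retention(log_groups, minimum_days=FEDRAMP_MIN_DAYS, exempt=()):
    """Classify log groups by retention.

    `log_groups` has the shape of the `logGroups` list returned by the
    CloudWatch Logs DescribeLogGroups API: dicts with `logGroupName` and an
    optional `retentionInDays`. A missing `retentionInDays` means the group
    never expires, which meets any minimum but may be a cost concern.
    `exempt` holds names of non-audit groups (an assumption of this example).
    """
    report = {"too_short": [], "never_expires": [], "ok": [], "exempt": []}
    for group in log_groups:
        name = group["logGroupName"]
        days = group.get("retentionInDays")
        if name in exempt:
            report["exempt"].append(name)
        elif days is None:
            report["never_expires"].append(name)
        elif days < minimum_days:
            report["too_short"].append((name, days))
        else:
            report["ok"].append(name)
    return report


def fetch_log_groups(region_name=None):
    """Fetch all log groups from AWS; needs boto3 and credentials."""
    import boto3  # imported lazily so the offline check runs without it
    client = boto3.client("logs", region_name=region_name)
    pages = client.get_paginator("describe_log_groups").paginate()
    return [group for page in pages for group in page["logGroups"]]


# Constructed sample; names are hypothetical, day counts mirror the thread.
SAMPLE = [
    {"logGroupName": "/example/audit/api", "retentionInDays": 180},
    {"logGroupName": "/example/es/error", "retentionInDays": 30},
    {"logGroupName": "/example/audit/legacy", "retentionInDays": 60},
    {"logGroupName": "/example/audit/unset"},
]

if __name__ == "__main__":
    result = audit_retention(SAMPLE, exempt={"/example/es/error"})
    for category, groups in result.items():
        print(category, groups)
```

Passing the output of `fetch_log_groups()` instead of `SAMPLE` runs the same check against a live account.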


5 participants