Commit 6261cef1 authored by Valerie Aurora

Start to outline requirements

parent b55912f7
+35 −4
@@ -364,11 +364,16 @@ The essential functions of all SIEM systems are to collect, analyze and report o
* Analytics and modelling

### 4.7.3 Data Reporting
* Reports activities and results of analysis to users, often through use of dashboards and other visualization tools.
* Allows users to run queries and organize data.

* Reports activities and results of analysis to users, often through use of dashboards and other visualization tools
* Allows users to run queries and organize data
* Provides reports for compliance purposes
* Alerts user of potential security threats or other anomolies

### 4.7.4 Configuration

* Allows users to configure the behavior of the system, including authentication

## 4.8 Operational Environment

The technical requirements of the present document apply under the environmental profile for operation of the equipment, which shall be in accordance with its intended use. The equipment shall comply with all the technical requirements of the present document at all times when operating within the boundary limits of the operational environmental profile defined by its intended use.
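Review bot: the 4.7.3 list ends up with two copies of "Reports activities and results of analysis to users ..." and "Allows users to run queries and organize data" (the first pair ending in a period, the new pair without); if the intent was to replace the old two bullets with the expanded four-item list, the first pair should be removed rather than left alongside. Also, "anomolies" in "Alerts user of potential security threats or other anomolies" should read "anomalies", and the single 4.7.4 bullet "including authentication" is ambiguous about whether it means configuring how users authenticate to the SIEM or authentication of log sources; spelling out which (or both) would help the later requirements and the Annex A mapping.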
@@ -429,6 +434,23 @@ _Example technical security requirements can be found in related standards, such
* _PT2 drafts, available in the [ETSI DocBox](https://docbox.etsi.org/CYBER/CYBER/CEN-CLC/JTC13/WG09)_
* _ENISA's [CRA Requirements Standards Mapping](https://www.enisa.europa.eu/sites/default/files/2024-11/Cyber%20Resilience%20Act%20Requirements%20Standards%20Mapping%20-%20final_with_identifiers_0.pdf)

Threat: wrong permissions on the web interface
 - Requirement: conform to some existing standard on web interfaces? OWASP https://owasp.org/www-project-web-security-testing-guide/
 - Requirement: document every single endpoint or API or something and why its permissions are appropriate?
   - test: scan of some sort??? what do hackers use?

Threat: administrator will be able to see client secrets?
Threat: compromise of SIEM will compromise other systems?
 - Requirement: if an attacker gets access to logs, they don't have access to anything that would allow them to compromise another system???
Threat: logging secrets (passwords, ssh private keys, notifications)
 - Requirement: ???
 - test: ??? document everything that is logged and then explain why it won't have a secret??

 - Requirement: SIEM's own logs don't have anything secret in them
 - Requirement: SIEM has some kind interface that makes it hard for clients to log secrets

https://www.skyflow.com/post/how-to-keep-sensitive-data-out-of-your-logs-nine-best-practices

# Annex A (informative): Mapping between the present document and CRA requirements

_Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements._
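Review bot: the "Threat: ..." scratch notes land at the end of the requirements section, just before Annex A, while the same commit adds the threat list to Annex C.2 (XSS, logging secrets, permissions), so the threat lines are duplicated across the two places and only the requirement lines ("SIEM's own logs don't have anything secret in them", "SIEM has some kind interface that makes it hard for clients to log secrets") belong here; consider moving the threats to C.2 and keeping numbered requirements with their tests in this section so Annex A can map them. Smaller points: the ENISA bullet opens with `_` but never closes it, so the italic runs on to the end of the line; the bare skyflow URL should be given a descriptive title in the `_text [title](url)_` style used for the two bullets above it; and "some kind interface" is missing "of".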
@@ -460,11 +482,14 @@ _List any related ETSI standards and how they interact with the present document

### C.1.1 Data

_What data is stored on the product?_
* Credentials
* Logs
* Configuration
* Product of analysis

### C.1.2 Product functions

_See the functions in Section 4.4._
_See the functions in Section 4.7._

## C.2 Threats

@@ -475,6 +500,12 @@ _Based on the assets, what are the threats during:_

_Example threats can be found in the same documents suggested in the section on security requirements._

* XSS vulnerability
* Logging secrets
* General permissions issues
* General file or interface permission issues
* Improper certificate validation

## C.3 Assumptions

_List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases. Some examples might include:_
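Review bot: "General permissions issues" and "General file or interface permission issues" in the C.2 list overlap; keep the more specific second item (or split it into file permissions and interface permissions). The list also omits the threats sketched in the requirements hunk ("administrator will be able to see client secrets", "compromise of SIEM will compromise other systems", "wrong permissions on the web interface"), which should be listed here so that the Annex A mapping has threats to trace requirements back to. Finally, "XSS vulnerability" names a weakness rather than a threat; phrasing it as the attacker action against the web interface that the risk analysis is meant to consider would fit the "what are the threats during:" framing of this section.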