How to effectively tie organizational owner to systems, applications, and services to enforce security mandates

We are working to lock down Elastic Stack access to the organizational units that own and operate services. To this end, I was hoping others in the community who must support ISO 27K can elaborate on how they capture organizational information relative to systems, applications, and services for the purposes of security.

I don't know if people try to use the doc_type attribute of log events to reflect this information or use completely custom attributes. Documentation[1] simply describes doc_type as "The type of the document the data will be indexed as."

I'd appreciate whatever insights and recommendations anyone has to offer!
