Merge branch 'main' into mut_rl_service
MR2011 authored Jul 11, 2024
2 parents a0a9be6 + 0551d0f commit 955b67a
Showing 2 changed files with 68 additions and 40 deletions.
37 changes: 32 additions & 5 deletions README.md
Expand Up @@ -2,14 +2,41 @@

[![REUSE status](https://api.reuse.software/badge/github.com/cloudoperators/heureka)](https://api.reuse.software/info/github.com/cloudoperators/heureka)

## Overview

Heureka is a Security Posture Management tool designed to manage the security issues in a complex technology landsacape.
**Heureka** is a Security Posture Management tool designed to manage security issues in a complex technology landscape.

Heureka is commited to empower service owners with a central platform for proactive security management. It seamlessly integrates key components such as advanced patch management, intelligent SIEM analysis, and automated policy enforcement.
It aims to empower service owners with a central platform for proactive security management by integrating key components such as advanced patch management, intelligent SIEM analysis, and automated policy enforcement.

It is also designed to address the critical compliance aspect as it is equipped with capabilities to track the end-to-end remediation processes, thereby providing tangible compliance evidence. This approach to security posture management ensures a comprehensive and professional approach to maintaining robust security standards.


## Value Propositions

**1. Enhanced Visibility and Security Posture**

A holistic view of the technology landscape, enabling proactive identification and tracking of security issues.

**2. Streamlined Security Operations**

Centrally manage security posture, automate patch management, enforce consistent configurations, and improve threat detection with SIEM integration.

**3. Enhanced Compliance, and Auditability**

Facilitate compliance by tracking remediation progress and providing a complete audit trail (evidence) with detailed documentation of state changes and actions taken.


## Architecture & Design

For a detailed understanding of the system's architecture and design, refer to the following resources:

- [Heureka Product Design Document](docs/product_design_documentation.md): This document provides a general overview, a glossary of terms, and user personas relevant to Heureka.
- [Entity Relationship Documentation](docs/entity_relationships.md): This document outlines the core entities within Heureka and how they interact with each other.

**Additional Resources Coming Soon**

- High-Level Architecture Diagrams: These diagrams will provide a visual representation of the overall system architecture, expected to be published before the end of Q3.
- High-Level Features: A high-level overview of the system's functionalities is also planned for publication before the end of Q3.

It is also designed to address the critical compliance aspect as it is equipped with capabilities to track the end-to-end remediation process, thereby providing tangible compliance evidence. This approach to security posture management ensures
a comprehensive and professional approach to maintaining robust security standards.

## Requirements and Setup
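Review bot: the compliance paragraph that now closes the hunk (`It is also designed to address the critical compliance aspect ...`) lands under `## Architecture & Design`, after the "Additional Resources Coming Soon" list, where it reads as a stray leftover of the Overview; move it back under `## Overview` next to the two rewritten paragraphs, and replace the circular closing sentence (`This approach to security posture management ensures a comprehensive and professional approach ...`) with something that says what the tracking actually buys, e.g. `Tracking the remediation process end to end provides tangible compliance evidence.` Two smaller points in the same hunk: `**3. Enhanced Compliance, and Auditability**` has a stray comma, and the two "before the end of Q3" promises in the Coming Soon list name no year, so they will read as stale the moment the quarter passes.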

@@ -1,28 +1,28 @@
# Technical Design Document - Heureka
# Product Design Document - Heureka

## General Overview
## Vision

Heureka is a Security Posture Management tool designed to manage the security issues in a complex technology landsacape.
**Heureka is a Security Posture Management tool designed to manage the security issues in a complex technology landscape.**

Heureka is commited to empower service owners with a central platform for proactive security management. It seamlessly integrates key components such as advanced patch management, intelligent SIEM analysis, and automated policy enforcement.
Heureka is committed to empowering service owners with a central platform for proactive security management. It seamlessly integrates key components such as advanced patch management, intelligent SIEM analysis, and automated policy enforcement.

It is also designed to address the critical compliance aspect as it is equipped with capabilities to track the end-to-end remediation process, thereby providing tangible compliance evidence. This approach to security posture management ensures a comprehensive and professional approach to maintaining robust security standards.

### Problem Statements
## Problem Statements

#### Complexity and Visibility
### Complexity and Visibility
Maintaining security in a complex cloud operations platform landscape is a monumental task. These landscapes often consist of numerous services, each with a multitude of components like images, databases, libraries, and configurations.
The challenge is compounded by the fact that these components have varying versions and can be shared across multiple services creating a critical need to pinpoint the specific instance (version) of a component as the security baseline, as vulnerabilities within a single component can impact multiple services within the landscape.

#### Compliance and Efficiency
### Compliance and Efficiency
Meeting compliance requirements and maintaining robust security standards is time-consuming and resource-intensive due to the lack of centralized visibility into the intricate relationships and dependencies between services and their underlying components as well as configurations.
This makes tracking remediation, documenting evidence, and managing security configurations difficult leading to inefficient security operations and delayed remediation efforts.

### Business Goals
## Business Goals

- Enhance Visibility and Security Posture:
- Track the overall state of technology landscape
- Track security issues associating to specific components of the technology landscape
- Track the overall state of the technology landscape
- Track security issues associated to specific components of the technology landscape

- Streamline Security Operations:
- Provide a central platform to monitor and assess the overall security posture of the technology landscape
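Review bot: `Track security issues associated to specific components of the technology landscape` still has a preposition error in the rewritten line; it should read `associated with`. Also, the second sentence of the Complexity and Visibility paragraph (`The challenge is compounded by the fact that ... within the landscape.`) is a single run-on of roughly fifty words; splitting it at `creating a critical need` (`... shared across multiple services. This creates a critical need to pinpoint ...`) would make the problem statement much easier to follow.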
Expand All @@ -43,47 +43,45 @@ This makes tracking remediation, documenting evidence, and managing security con
| --- | --- |
| Support Group | A support group consists of multiple users working on a defined scope of services |
| Support Group Owner | Owners/ administrators of Support Group |
| Support Group Engineer | Individual users that are member of a support group |
| Support Group Engineer | Individual users that are members of a support group |
| Service | Services are the main entities used by Heureka to represent our in. A service consists of one or multiple components. With an owner and at least one delegate |
| Component | A service consists of one or more components and is the base for confirming a service is affected by an issue. There are different component types such as (Keppel)Image of Github Repository. |
| Component Instance | A component that is an instance of an component |
| Component | A service consists of one or more components and is the basis for confirming a service is affected by an issue. There are different component types such as (Keppel)Image of Github Repository. |
| Component Instance | A component that is an instance of a component |
| Component Version | A version of a specific component at a certain point in time |
| Package | Packages are a technical detail for Keppel Images. Keppel uses clair as a vulnerability scanner and performs package indexing. This package list gives information about what is used in the Keppel Image. |
| Package | Packages are a technical detail for Keppel Images. Keppel uses Clair as a vulnerability scanner and performs package indexing. This package list gives information about what is used in the Keppel Image. |
| Issue | An issue is the absolute base unit of a weakness which could be a vulnerability, security event, or policy violation |
| Issue Match | This is the association of a found weakness the deficient resource (component instance). It is therefore represnts the ssue to be fixed|
| Service Owner | A service owner is the responsible person for a service which represents the service in an audit and is responsible for fullfillment of controls |
| Issue Match | This is the association of a found weakness to the deficient resource (component instance). It therefore represents the issue to be fixed|
| Service Owner | A service owner is the responsible person for a service. They represent the service in an audit and are responsible for the fulfillment of security controls |
| Delegate | A person that is a delegate for the Service Owner |
| Activity | The collects all remediation-related information and related changes |
| Activity | The collects all remediation-related information and related changes for each issue match|
| Change | A change captures a change event in a specific component |
| Evidence | Evidence consists of the audit relevant information. |
| Evidence | Evidence consists of all audit-relevant information. |
| Target Remediation Timeline | Target Remediation Timeline - the timeline in which a specific issue match has to get remediated |
| Remediation | A change that eliminates an issue match |
| Irrelevance Statement | A reasoned statement that a specific "Issue Match" is irrelevant for a component or set of components |
| Rollback | The rollback of a change for a component(s)/issue(s) combination |
| Process Facilitator | The person responible for ensuring that the all established processes are followedincluding the patch management process and the Security Information & Event Management (SIEM) process |
| Process Facilitator | The person responsible for ensuring that all established processes are followed including the patch management process and the Security Information & Event Management (SIEM) process |
<br/>

## User Profiles

## User Profiles

### Auditor
Responsible for validating the compliance of the platform to Industry Standards.

- #### Goals

* Validate if all requirements of industry-standard are met or not.
* Validate if all requirements of industry standards are met or not.

- #### Tasks

* Review logs to validate that process is followed
* Review historical remediation activities to verify that process is followed
* Review remediation activities, this includes, patching, Security Event Alert resolution, and policy violations
* Review logs and historical remediation activities to verify that the process is followed
* Review remediation activities; this includes, patching, Security Event Alert resolution, and policy violations
* Review audit artifacts

### Service Owner

The responsible person for a Service, manages a service’s complete lifecycle
The responsible person for a Service - manages a service’s complete lifecycle

- #### Goals
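Review bot: two of the rewritten glossary rows carry over defects that this edit was the natural place to fix: the `Component` row's `(Keppel)Image of Github Repository` almost certainly means `(Keppel) Image or GitHub Repository`, and the `Activity` row's `The collects all remediation-related information ...` is missing its subject (`An activity collects ...`). The unchanged `Service` row also ends in a truncated sentence (`... to represent our in.`) that should be completed while the table is being revised, and the `Issue Match` row lacks a space before its closing `|`, unlike every other row.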

Expand All @@ -94,25 +92,25 @@ The responsible person for a Service, manages a service’s complete lifecycle
* Define what components are belonging to the service
* Owns risk definitions
* Owns service
* Coordinating activities Participate in audit sessions as a service rep
* Review Vulnerability and patching activities
* Handles Security event alerts as well as policy violations
* Coordinate activities and participate in audit sessions as a service rep
* Review vulnerability and patching activities
* Handles security event alerts as well as policy violations
* Review evidence
* Monitor issue statuses

### Support Group Engineer

Manages component instances and is responsible for performing actual patch activities
A group of experts dedicated to managing component instances and is responsible for performing actual issue-remediation activities

- #### Goals

* Seamless patching activity tracking
* Seamless activity tracking

- #### Tasks

* Plan activities
* Perform manual patches/ remediations
* Monitor vulnerability/ patch statuses
* Monitor issue matches and issue match states
* Perform manual patches, issue remediations, and respond to SIEM alerts.

### Process Facilitator
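Review bot: the new Support Group Engineer description, `A group of experts dedicated to managing component instances and is responsible for performing actual issue-remediation activities`, does not parse: `dedicated to ... and is responsible` leaves `is` without a subject. Suggest `A group of experts that manages component instances and is responsible for performing issue-remediation activities`. The Service Owner task list also mixes imperative and third-person forms after this edit (`Coordinate activities ...` and `Review vulnerability ...` next to `Handles security event alerts ...` and `Owns risk definitions`); pick one form for the whole list.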

Expand All @@ -126,11 +124,14 @@ Responsible for ensuring that all established processes are followed including t
- #### Tasks

* Perform monthly self- assessment
* Ensure that the audit relevant information required as evidence is correct, complete, and maintained.
* Ensure that the audit-relevant information required as evidence is correct, complete, and maintained.

<br/>

## High Level Features

## High-Level Features

**TBD**
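Review bot: the context line `* Perform monthly self- assessment` has a stray space in `self- assessment`; since the neighbouring task line is already being edited, fix it here. The hunk also leaves three trailing blank lines after `**TBD**` at the end of the file; trim them to one. The README in this same commit promises the High-Level Features overview "before the end of Q3", so the `**TBD**` placeholder here should at least point to that plan rather than standing alone.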



