Auditing

Auditing

Auditing as well as monitoring capabilities are essential part of requirements noted in security standards such as FIPS-140-2, PCI-DSS, SoX, ISO 27017 and corporate policies. The common way to add the auditing capability for OpenStack services is to adopt the CADF (Cloud Audit Data Federation) model, which describes details of resource activity or events in JSON format by answering the seven W questions: What, When, Who, On What, Where, From Where, To Where.

OpenStack services can enable CADF through pyCADF (Python-based CADF library). To minimize CADF adoption costs in OpenStack, you can leverage OpenStack messaging infrastructure and publish audit events as OpenStack notifications with no need to wait for acknowledgment.

For API requests, an OpenStack service should include an audit middleware into pipeline currently implemented in the Keystone project. The audit middleware generates an audit event based on an audit map, which specifies what type of data should be extracted from API requests and replies.