Security Logging Overview

1. You are here:
2. Engineering
3. Security
4. Security Engineering & Research
5. Security Logging Overview

On this page

• Our Vision
  • Our Mission Statement
• The Team
  • Team Members
• Responsibilities
  • What we are responsible for
  • What we are not responsible for
• Working With Us
  • How to contact us
• How We Work
  • Meetings and Scheduled Calls
  • Team Pages
  • Project Management
    • Team Planning
    • Project Ownership
    • Labels
  • Design Documents
• Additional Resources

Our Vision

Guarantee that GitLab has the logging data coverage required to:

• Perform the threat analysis, alerting and threat detections necessary to protect the company and its customers
• Ensure compliance with internal policies, standards, internal and external audits, and regulatory requirements.

  Our Mission Statement

  The team achieves its vision by planing, executing and supporting initiatives that improve the coverage and usability of security logging data on GitLab. We manage, maintain, design, configure, and document the necessary tools, systems and processes to make that happen.

Further details can be found in the job family description.

The Team

Team Members

The Security Logging Team is part of the Security Engineering & Research sub-department. See GitLab's organizational chart and meet our team members.

Responsibilities

The Security Logging Team is responsible for security focused logging, monitoring, and alerting.

What we are responsible for

The Security Logging Team is responsible for managing, maintaining, designing, configuring, and documenting the necessary tools, systems and processes to support all security logging, monitoring, and alerting needs. This includes but is not limited to the following examples:

• Designing, managing, and maintaining the security logging and monitoring infrastructure
• Ensuring reliability and availability of log data for security purposes
• Owning and maintaining the security logging standard that defines important aspects and requirements of security logging, monitoring, and alerting at GitLab
• Working with our internal GitLab customers to ensure they have the logging data, and access to this data, needed to successfully accomplish the responsibilities of their roles
• Working closely with the Infrastructure team ensuring that log aggregation infrastructure is reliable and available to meet the needs of both Infrastructure and Security
• Building an maintaining a library of logging profiles for various technologies that can used to gather, format, and send logging data to the appropriate log aggregation systems

What we are not responsible for

The Security Logging Team is not responsible for the logging, monitoring, and alerting data or infrastructure supporting non-security focused needs. This includes but is not limited to the following examples:

• Infrastructure or application logging supporting reliability or availability of GitLab systems
• Responding to or taking action on the security alerts that are generated by the infrastructure and tools owned and maintained by the Security Logging Team
• Remediation of security vulnerabilities found using the infrastructure and tools owned and maintained by the Security Logging Team
• The Security Logging Team does not own the logging data aggregated, stored, or contained within the infrastructure and tools owned and maintained by the Security Logging Team
• The Security Logging Team is not responsible for the endpoint systems from which logging data is gathered

Working With Us

TBD

How to contact us

The Security Logging Team can be contacted in Slack using the #sec-log-managment channel, the #security channel, or the #security-department channel. You can also contribute, commment, view, or interact with us in our team repo.

How We Work

We are an internal customer focused and customer driven team. Our customers drive our priorities and help us define our responsibilities. We work to balance this with a risk based approach aimed at reducing and minimizing security risk at GitLab. Additionally, we embrace the DevOps model, software defined infrastructures, a cloud first approach, modular decoupled architectures, self-serviceability, and automate when and wherever possible.

Meetings and Scheduled Calls

TBD

Team Pages

• This Handbook Page, which contains general information about the team.

Project Management

TBD

Team Planning

TBD

Project Ownership

Each project has an owner who is responsible for delivering the project.

The owner needs to:

1. Regularly update the status in the Epic description and milestones.
2. Work with others to move project issues through the boards.

Labels

TBD

Design Documents

TBD

Additional Resources

TBD