OpenRMF® Professional and Elastic Security Incident & Event Management (SIEM) Combination

Use the power of Elastic SIEM with OpenRMF® Professional

Track cyber compliance, cyber hygiene, and cyber security collaboratively across your team.

RMF, FedRAMP, CMMC, CSF dashboards down to the CCI level.

STIG Checklists, statements, generated compliance, hardware list, software from OpenRMF® Professional to track frameworks.

Verify compliance actively in Elastic SIEM. Relate issues found back to OpenRMF® Professional data to track and resolve each issue.

Note issues with Compliance. Track down in Elastic SIEM. Fix. Rescan and upload results. Keep monitoring with Elastic SIEM. Wash. Rinse. Repeat.

Combine CCI-level dashboards to match to any cyber framework you need. Dashboards and more available at this GitHub repo.

OpenRMF Professional combined with Elastic AI and Elastic SIEM

OpenRMF® Professional used with Elastic SIEM for a Continuous ATO process

RMF Dashboards on Elastic. Machine Learning jobs create red/yellow/green views of each CCI that matters to you. We have created a unique and specific dashboard for about 60 different CCIs at this time.

Overview of all Compliance Methodologies, Compare and Contrast

So much the same under the covers: M-21-31, RMF, CMMC, CSF, HITRUST. Folks, a little secret: they all copy each other, literally word for word sometimes. Dale Bingham and Nathan Stacey talk through it here.

Overview of the OpenRMF® Professional and Elastic SIEM RMF & CMMC Dashboard Workflow

Check out our general workflow of the RMF/CMMC Dashboards. This is the first video, and it showcases how we expect people to use them. In future videos we will showcase the different components of these dashboards and how to use them. You can download them now via GitHub and view information on our LinkedIn Homepage.

Why Use Elastic SIEM and OpenRMF® Professional for Compliance

Use OpenRMF® Professional with Elastic SIEM to assure full RMF, CMMC and other cyber compliances. This demo shows what each product does to assure continuous compliance. Check out the GitHub repo for these Kibana Dashboards.

With Compliance, IMO Machine Learning (ML) gets you farther faster than alerts

When we created these dashboards we had to make a choice: ML or alert based. We went with ML, and that choice is based on one simple fact: the day zero experience is better. MUCH better. These deploy wicked fast. This video goes into more detail on how ML and alerts change the methodologies of compliance logging. (Important note: ML is a paid Elastic feature. It is part of the general license package and not an add-on.)

Explain the Machine Learning (ML) numbers behind the red yellow green buttons

Line 1 RMF/CMMC engineers need their red/green lights. These overview dashboards are built around that methodology for proper ITIL triaging. But what is happening behind these colors? This quick video walks through the ML jobs and what they are monitoring. Specifically, they are monitoring key queries in the individual CCI dashboards.

What are the machine learning jobs actually monitoring

Riders 'search', drivers make ML from 'search'. And don't let 'them' tell you that you aren't able to make ML jobs. I promise you can start making ML jobs in a day. ML is not that hard. It is just an automated 'search.' This video explains what I mean.

How these CMMC & RMF Dashboards sync to Kibana

See how the CMMC and RMF based dashboards, at the CCI level, sync to the Kibana dashboards with data. Check out the GitHub repo for these Kibana Dashboards.

How to make alerts from these RMF & CMMC Dashboards

See how you can make alerts from these types of cyber compliance dashboards for CCI-000133, without being overrun and overwhelmed by all the alert chatter that comes from using alerts alone.

Make Sure Audit Records Show Events Correctly

Got logs? CCI-000130 cares about one thing: are you getting your cyber data? When you are getting hacked, or when you are patching systems, the first step is the hardest and the simplest at the same time. Get the data.

Are my logs full of all the information I need?

Thoughts on how to monitor "Are my logs full of all the information I need" with Elastic from a compliance perspective for CCI-000131.

Tracking the time and location of events

Tracking to CCI-000132 makes sure that all computers in your network are running on the same definition of time. This dashboard is built to monitor your time from all systems and make sure they are in sync.

Assess identity of login users and source of events

Tracking of the Auditing control correlation identifier CCI-000133: Ensure that audit records contain information that establishes the source of the event.

Track the outcome of events for Success or Failure

Tracking CCI-000134 means ensuring that audit records contain information that establishes the outcome of the event: success or failure. Both are important.

Enforcing Approved Authentications

See CCI-000213 in action: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Content of your audit records for valuable information

Track your access and authentication. Extremely Important! This deals with CCI-001487: Ensure that audit records contain information that establishes the identity of any individuals, subjects, or objects/entities associated with the event.