Educause Security Discussion mailing list archives
Re: CIS vs NIST
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Thu, 3 May 2018 11:01:50 -0400
On 3 May 2018 at 10:39, Bridges, Robert A. <bridgesra () ornl gov> wrote:
> This is interesting, Kevin. Thanks for sharing. What's the cost to the host that's got audit data collection on? Is there noticeable slowdown/high memory cost, etc?

I run it across all of my Linux hosts and they're some of the most heavily-taxed systems on campus. The CPU/RAM costs are low single-digit percentages (IIRC it added <5% CPU); the disk cost can be high if the system is already struggling with I/O, so I've stopped using auditd + syslog and now use auditbeat from Elastic.

Even on the Windows side, process auditing and PowerShell script-block logging have added minimal overhead.

Since you're at Oak Ridge, if you're coming to Blue Ridge Con then look for the bald guy in the khaki Utilikilt and Scotland shirt; I'm happy to chat about it in-depth =)

kmw