Hello all, I am a new intern at a mid-size company and I have been tasked with assisting in CMMC compliance. I have been following the CMMC Assessment Guide for level 2 and I got to the part where my company needs to log processes acting on behalf of authorized users.
I had thought about it for a while and thought it would be a good idea to configure a syslog server to manage logs, however once doing so there were a crazy amount of “Microsoft Windows security auditing - filtering platform connection” logs originating from DNS, svchost, and lsass, up to 30-40 per second. It was taking up to 10-20 GB of storage per day for some reason.
My question is - what logs are we required to keep? I haven’t wanted to just…not log these things, but whenever I go to filter I think “what if they ask for x log?” I apologize if I haven’t been looking in the right direction, I’m new to all of this CMMC stuff.
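The “filtering platform connection” entries the post describes come from one Windows audit subcategory, and the Security log can be measured before anything is turned off. The script below is an added example, not code from the original post: it counts how much of the last hour's Security log is made up of the Windows Filtering Platform connection events (assumed here to be Event IDs 5156 and 5157), shows the audit subcategories that produce those events and the process-creation events (4688), and, only when `$Apply` is set to `$true`, reduces the connection auditing while keeping process creation auditing on with command lines recorded. The `$Apply` switch and the `$hours` window are assumptions of this example; run it in an elevated PowerShell session on a forwarding host.

```powershell
# Added example (not from the original post). Assumed event IDs:
#   5156/5157 = WFP permitted / blocked connection ("Filtering Platform Connection")
#   4688      = process creation ("Process Creation")
$hours = 1          # assumed measurement window
$Apply = $false     # assumed switch: $false = read-only report, $true = change audit policy

# 1. Which event IDs dominate the Security log right now?
$since  = (Get-Date).AddHours(-$hours)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since } `
            -ErrorAction SilentlyContinue)
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object -First 10 @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 2. Share of the log taken by WFP connection auditing (the noise described in the post).
$wfpCount = @($events | Where-Object { $_.Id -in 5156, 5157 }).Count
$total    = [Math]::Max($events.Count, 1)
'{0} of {1} Security events in the last {2}h are WFP connection events ({3:P1})' -f `
    $wfpCount, $events.Count, $hours, ($wfpCount / $total)

# 3. The audit subcategories behind those IDs; auditpol reports Success/Failure per subcategory.
auditpol /get /subcategory:"Filtering Platform Connection"
auditpol /get /subcategory:"Process Creation"

# 4. Optional change: stop auditing successful WFP connections (the high-volume part),
#    keep blocked connections, and keep process creation with the command line in 4688.
if ($Apply) {
    auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
    auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable

    # Registry value that makes 4688 include the process command line.
    $auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    if (-not (Test-Path $auditKey)) { New-Item -Path $auditKey -Force | Out-Null }
    New-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}
```

Running it read-only first gives a number to attach to the storage problem (how much of the 10-20 GB/day is one subcategory) and a record of the audit policy as it stood before any change, which is the kind of evidence an assessor asks for alongside the logs themselves. The subcategory for process activity is separate from the connection one, so trimming the WFP success events does not remove the process-creation trail the post is trying to keep.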