
SenseOn Log Collection Questionnaire

This document outlines the information the SenseOn team needs to design your log setup. Completing this helps us ensure the plan fits your security, compliance, and operational goals.

Business Purpose (The 'Why')

This section looks at your main reasons for bringing this data into the SenseOn Intelligence Cloud.

  1. Main Goal: What is the primary reason for collecting these logs? (e.g., Security monitoring, spotting threats, IT operations, or meeting audit rules?)
  2. Compliance: Are there specific regulations or internal policies (like GDPR, HIPAA, or PCI) that legally require you to keep these logs? If yes, please list them.
  3. Missing Information: Which important systems or parts of your network are currently "blind spots" for the SenseOn Universal Sensor or your current tools?
  4. Security Risks: What specific types of attacks or security risks are you hoping to spot by collecting this new data?
  5. Past Challenges: Have you had trouble in the past collecting, managing, or monitoring these logs (e.g., systems breaking, data being parsed incorrectly, or costs getting too high)? How did you resolve those issues?
  6. Storage Time: How long do you need to keep this raw data? (e.g., 90 days, 1 year, 7 years)

Log Detail (The 'What' and 'How')

Please copy and complete this section for each log source you wish to add. The responses to these will be explored in detail to ensure the right architecture is deployed.

  1. Log Name: (e.g., DNS logs, firewall logs)
  2. System/Product Detail: (e.g., Cisco ASA 5525, Kubernetes 1.28)
  3. Location: Where is the system and what type of infrastructure is it on? (e.g., On-Premises Server, AWS Kubernetes, GCP Compute, SaaS)
  4. Collection Method: How can SenseOn access this data? (e.g., it can be sent via Syslog to an on-premises forwarder, it is stored in an S3 bucket, it is stored in the GCP Logs Explorer, etc.)
  5. Data Usage (Pipeline): What do you want to do with this data? Store it only for compliance, make it available for threat hunting, or run analytics over it?
  6. Daily Data Volume: (Estimated GB or TB per day; if unknown, could you estimate the daily event count instead?)
  7. Filtering or Intermediate Tools: Does the data go through any filtering or other tools (like Logstash or Fluentd) before it reaches us? If yes, please explain what that tool does to the data.
  8. Log Format: (e.g., JSON, CEF, Syslog, Key-Value pair)
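Two of the items above (6, Daily Data Volume, and 8, Log Format) are easiest to answer from a small sample of raw lines taken from the source. The script below is an added helper, not part of SenseOn's questionnaire or tooling: it labels each sample line as JSON, CEF, Syslog, Key-Value or Unknown, and converts a guessed daily event count into an estimated GB/day using the sample's average line size. The sample lines and the 20 million events/day figure are constructed for the demonstration.

```python
"""Added helper for answering Log Detail questions 6 (daily volume) and 8 (log format).

Feed it a small sample of raw lines from the source; it labels each line as
JSON, CEF, Syslog, Key-Value or Unknown, and converts a guessed daily event
count into an estimated GB/day using the sample's average line size.
"""
import json
import re
from collections import Counter
from statistics import mean

# CEF events are normally wrapped in a syslog header, so test for CEF first.
CEF_RE = re.compile(r"CEF:\d+\|")
# RFC 5424 ("<PRI>VERSION TIMESTAMP ...") or BSD/RFC 3164 ("<PRI>Mmm dd hh:mm:ss ...");
# the PRI part is optional because some relays strip it.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?(?:\d+\s+\d{4}-\d{2}-\d{2}T|[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s)"
)
# key=value tokens; quoted values may contain spaces.
KV_RE = re.compile(r'(?:^|(?<=\s))\w+=(?:"[^"]*"|\S*)')


def classify_format(line: str) -> str:
    """Return JSON, CEF, Syslog, Key-Value or Unknown for one raw log line."""
    line = line.strip()
    try:
        if isinstance(json.loads(line), dict):
            return "JSON"
    except ValueError:
        pass
    if CEF_RE.search(line):
        return "CEF"
    if SYSLOG_RE.match(line):
        return "Syslog"
    tokens = KV_RE.findall(line)
    # Call it key-value only if such tokens make up most of the line.
    if len(tokens) >= 2 and sum(len(t) for t in tokens) >= 0.8 * len(line):
        return "Key-Value"
    return "Unknown"


def estimate_daily_gb(sample_lines, events_per_day: int) -> float:
    """Average on-the-wire bytes per event (plus newline) times events per day, in GB."""
    if not sample_lines:
        raise ValueError("need at least one sample line")
    avg_bytes = mean(len(line.encode("utf-8")) + 1 for line in sample_lines)
    return avg_bytes * events_per_day / 1e9


def summarise(sample_lines, events_per_day: int) -> dict:
    """Format breakdown and volume estimate for one log source."""
    formats = Counter(classify_format(line) for line in sample_lines)
    return {
        "formats": dict(formats),
        "estimated_gb_per_day": round(estimate_daily_gb(sample_lines, events_per_day), 3),
    }


# Constructed sample lines (not real customer data), one per format named in question 8.
SAMPLES = [
    '{"ts":"2024-05-01T12:00:00Z","qname":"example.com","qtype":"A","client":"10.0.0.5"}',
    "<134>May  1 12:00:00 fw01 CEF:0|Cisco|ASA|9.16|106023|Deny tcp|5|src=10.0.0.5 dst=203.0.113.7 dpt=443",
    "<165>1 2024-05-01T12:00:00Z fw01 asa - - - %ASA-6-302013: Built outbound TCP connection",
    'ts=2024-05-01T12:00:00Z action=allow src=10.0.0.5 dst=203.0.113.7 dpt=443 msg="tcp session"',
]

if __name__ == "__main__":
    # Assumed figure for the demo: a guessed 20 million events/day for this source.
    print(summarise(SAMPLES, 20_000_000))
```

A mixed result in the format breakdown usually means the source emits more than one event type (for example CEF wrapped in syslog alongside plain syslog), which is worth stating in the answer to question 8. Sample from a busy period when estimating volume, since average line size and event rate both rise during incidents.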