The ability to generate on-demand reports, including after the log data has been subjected to log reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
Log reduction is a process that manipulates collected log information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as needed) reports.
Instead of the application server providing the log reduction function; it is also accepted practice to configure the application server to send its logs to a centralized log system that can be used to provide the log reduction with reporting capability. Security Incident Event Management (SIEM) systems are an example of such a solution.
To fully understand and investigate an incident within the components of the application server, the application server, must be configured to provide log reduction and on-demand reporting or be configured to send its logs to a centralized log system. |