September 13, 2017
How is the test monitored?
For managed testing exercises, prior to the actual test an all-hands meeting including OPS that will be invited to the test will cover:
1) The test plan
2) Testing methodology
3) Local requirements for OPS monitoring (e.g. who watches ISP’s routers, firewalls, load balancers, application servers) and what they need to record and how to record it.
A series of dashboards are available for OPS to monitor. They will be made available 3 ways:
1) Via an audio/video screen-share during the exercise
2) Via the portal for OPS to log in during the test
3) Via a limited ‘read-only’ dashboard share link that is suitable for 3rd parties to receive
Also local OPS monitoring can be reported on in the tool via the ‘observation tracker’ on the portal. This is strongly recommended as all observations are time-stamped and can easily be correlated to the attack settings during the report/analysis phase.
Note that all targets will also be monitored from several ‘good agents’ in the Internet. The results of this monitoring information is also included on the dashboards.