OWASP testing related queries for Alfresco

Question asked by hiten.rastogi on Apr 13, 2018



One of our clients is getting the OWASP testing done on their Alfresco CE 5.2 installation and has come up with certain queries.


I would like the community's help in understanding the queries below and how they can be tackled.


1. Does the Application embrace Appropriate Alerting Thresholds and Response Escalation Processes?

2. Does the Application trigger alerts for Penetration testing and scans by automated security tools (such as Burp Scanner, OWASP ZAP, Acunetix, Netsparker, IBM AppScan, etc.)?

3. Does the Application trigger alerts for active attacks in real time?


What configuration needs to be done in Alfresco so that these can be logged in the logs? I believe I need to use some third-party tool like Nagios or the ELK stack to monitor the logs and generate the triggers, or does Alfresco provide a way to register these events?




Hiten Rastogi