201 CMR 17 – Reports and Reporting Packages

Summary Reports

Report Name	Directly Meets Requirements	Augmented Requirements	Data Source	Intelligent Indexing	Log Sources	Classifications
201 CMR 17: Account Access Summary	17.03.2.h, 17.04.4	N/A	Log Manager	Yes	201 CMR 17: Account Access Summary	Access Failure, Access Success
201 CMR 17: Account Authentication Summary	17.03.2.h, 17.04.4	N/A	Log Manager	Yes	201 CMR 17: Account Authentication Summary	Authentication Failure, Authentication Success
201 CMR 17: Account Deletion Summary	N/A	17.03.2.e, 17.04.1.d	Log Mart	No	201 CMR 17: Account Deletion Summary	Account Deletion
201 CMR 17: Alarm And Response Activity	17.03.2.j	N/A	Event Manager	N/A	201 CMR 17: Alarm And Response Activity	N/A
201 CMR 17: Antivirus Information Summary	N/A	17.04.7	Log Manager	Yes	201 CMR 17: Antivirus Information Summary	Information
201 CMR 17: Antivirus Issue Summary	N/A	17.04.7	Log Mart	No	201 CMR 17: Antivirus Issue Summary	Critical, Error, Warning
201 CMR 17: Critical/Error Condition Summary	17.03.2.b.3	N/A	Log Mart	No	201 CMR 17: Critical/Error Condition Summary	Critical, Error
201 CMR 17: Default Account Access Summary	N/A	17.04.2.b	Log Manager	Yes	201 CMR 17: Default Account Access Summary	Access Failure, Access Success
201 CMR 17: Default Account Auth Summary	N/A	17.04.2.b	Log Manager	Yes	201 CMR 17: Default Account Auth Summary	Authentication Failure, Authentication Success
201 CMR 17: Disabled/Locked Account Summary	N/A	17.03.2.e, 17.04.1.d, 17.04.1.e	Log Mart	No	201 CMR 17: Disabled/Locked Account Summary	Access Revoked
201 CMR 17: File Integrity Monitoring Summary	N/A	17.04.2.a	Log Manager	No	201 CMR 17: File Integrity Monitoring Summary	Activity
201 CMR 17: Host Firewall Error Summary	N/A	17.04.6	Log Mart	No	201 CMR 17: Host Firewall Error Summary	Critical, Error, Warning
201 CMR 17: Host Firewall Information Summary	N/A	17.04.6	Log Mart	No	201 CMR 17: 201 CMR 17: Host Firewall Information Summary	Information
201 CMR 17: Network Connection Summary	N/A	17.04.3	Log Manager	No	201 CMR 17: Network Connection Summary	Network Allow, Network Deny, Network Traffic
201 CMR 17: Network Service Summary	N/A	17.04.3	Log Manager	No	201 CMR 17: Network Service Summary	Network Allow, Network Deny, Network Traffic
201 CMR 17: Non-Encrypted Protocol Summary	N/A	17.04.3	Log Manager	Yes	201 CMR 17: Non-Encrypted Protocol Summary	Network Allow, Network Deny, Network Traffic
201 CMR 17: Security Event Summary by Application	17.03.2.b	N/A	Log Mart	No	201 CMR 17: Security Event Summary by Application	Activity, Attack, Compromise, Denial Of Service, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability
201 CMR 17: Security Event Summary by Entity	17.03.2.b	N/A	Log Mart	No	201 CMR 17: Security Event Summary by Entity	Activity, Attack, Compromise, Denial Of Service, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability
201 CMR 17: Security Event Summary by Impactd Host	17.03.2.b	N/A	Log Mart	No	201 CMR 17: Security Event Summary by Impactd Host	Activity, Attack, Compromise, Denial Of Service, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability
201 CMR 17: Security Event Summary by Origin Host	17.03.2.b	N/A	Log Mart	No	201 CMR 17: All Log Sources		Activity, Attack, Compromise, Denial Of Service, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability
201 CMR 17: Signature Update Summary	N/A	17.04.7	Log Mart	No	201 CMR 17: All Log Sources	Configuration, Error
201 CMR 17: Software Update Summary	N/A	17.04.6	Log Mart	No	201 CMR 17: All Log Sources	Configuration, Error
201 CMR 17: Terminated Account Access Summary	N/A	17.03.2.e, 17.04.1.d	Log Manager	Yes	201 CMR 17: All Log Sources	Access Failure, Access Success
201 CMR 17: Terminated Account Auth Summary	N/A	17.03.2.e, 17.04.1.d	Log Manager	Yes	201 CMR 17: Security Systems	Authentication Failure, Authentication Success

Report Packages

Report Package Name	Interval	Functional Area	Reports
LogRhythm 201 CMR 17 Reporting Package	Weekly	Audit, IT, Security	201 CMR 17: Account Access Summary 201 CMR 17: Account Authentication Summary 201 CMR 17: Account Deletion Summary 201 CMR 17: Alarm And Response Activity 201 CMR 17: Antivirus Information Summary 201 CMR 17: Antivirus Issue Summary 201 CMR 17: Critical/Error Condition Summary 201 CMR 17: Default Account Access Summary 201 CMR 17: Default Account Auth Summary 201 CMR 17: Disabled/Locked Account Summary 201 CMR 17: File Integrity Monitoring Summary 201 CMR 17: Host Firewall Error Summary 201 CMR 17: Host Firewall Information Summary 201 CMR 17: Network Connection Summary 201 CMR 17: Network Service Summary 201 CMR 17: Non-Encrypted Protocol Summary 201 CMR 17: Security Event Summary by Application 201 CMR 17: Security Event Summary by Entity 201 CMR 17: Security Event Summary by Impactd Host 201 CMR 17: Security Event Summary by Origin Host 201 CMR 17: Signature Update Summary 201 CMR 17: Software Update Summary 201 CMR 17: Terminated Account Access Summary 201 CMR 17: Terminated Account Auth Summary

Report Package Name

Interval

Functional Area

Reports

LogRhythm 201 CMR 17 Reporting Package

Weekly

Audit, IT, Security

201 CMR 17: Account Access Summary

201 CMR 17: Account Authentication Summary

201 CMR 17: Account Deletion Summary

201 CMR 17: Alarm And Response Activity

201 CMR 17: Antivirus Information Summary

201 CMR 17: Antivirus Issue Summary

201 CMR 17: Critical/Error Condition Summary

201 CMR 17: Default Account Access Summary

201 CMR 17: Default Account Auth Summary

201 CMR 17: Disabled/Locked Account Summary

201 CMR 17: File Integrity Monitoring Summary

201 CMR 17: Host Firewall Error Summary

201 CMR 17: Host Firewall Information Summary

201 CMR 17: Network Connection Summary

201 CMR 17: Network Service Summary

201 CMR 17: Non-Encrypted Protocol Summary

201 CMR 17: Security Event Summary by Application

201 CMR 17: Security Event Summary by Entity

201 CMR 17: Security Event Summary by Impactd Host

201 CMR 17: Security Event Summary by Origin Host

201 CMR 17: Signature Update Summary

201 CMR 17: Software Update Summary

201 CMR 17: Terminated Account Access Summary

201 CMR 17: Terminated Account Auth Summary