
CCF – Investigations

 

| Investigations | Applicable Frameworks | Data Source | Intelligent Indexing | Classifications | Log Sources |
|---|---|---|---|---|---|
| CCF: Deleted Account Inv | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Audit | All Available Log Sources |
| CCF: Disabled Account Inv | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | No | Audit | All Available Log Sources |
| CCF: Enabled Account Inv | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Audit | All Available Log Sources |
| CCF: Account Modification Inv | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: Applications Accessed By User Inv | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | LogMart(s) | Yes | Audit | All Available Log Sources |
| CCF: Audit Log Inv | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: Backup Activity Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Operations | All Available Log Sources |
| CCF: Compromises Detected Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Config/Policy Change Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: Critical Environment Error Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Operations | All Available Log Sources |
| CCF: Denial of Service Inv | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Audit | All Available Log Sources |
| CCF: Excessive Authentication Failure Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Audit | All Available Log Sources |
| CCF: GeoIP Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Host Access Granted And Revoked Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: LogRhythm Data Loss Defender Log Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: Malware Detected Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Object Access Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | No | Audit | All Available Log Sources |
| CCF: Password Modification Inv | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Audit | All Available Log Sources |
| CCF: Patch Activity Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Security | All Available Log Sources |
| CCF: Physical Access Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Audit | All Available Log Sources |
| CCF: Privileged Account Escalation Inv | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Privileged Account Modification Inv | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Audit | All Available Log Sources |
| CCF: Rogue Access Point Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Signature Activity Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | LogMart(s) | Yes | Operations | All Available Log Sources |
| CCF: Social Media Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Audit | All Available Log Sources |
| CCF: Suspected Wireless Attack Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |
| CCF: Suspicious Users Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Security | All Available Log Sources |
| CCF: Time Sync Error Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Operations | All Available Log Sources |
| CCF: Unknown User Account Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | Yes | Security | All Available Log Sources |
| CCF: Use Of Non-Encrypted Protocols Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | LogMart(s) | Yes | Audit | All Available Log Sources |
| CCF: User Misuse Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | No | Security | All Available Log Sources |
| CCF: User Object Access Inv | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Data Processor(s) | No | Audit | All Available Log Sources |
| CCF: Vulnerability Detected Inv | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | Platform Manager(s) | Yes | Security | All Available Log Sources |


Intelligent Indexing must be set according to the table above. Work with LogRhythm Support to set this configuration.
