Skip to main content
Skip table of contents

CJIS – Reports (Summary and Detail)

Summary Reports

The Intelligent Indexing settings are recommendations. The default configuration is No.

Reports

Report DescriptionID

Augmented Requirements

Data Source

Intelligent Indexing

Classification

Log Sources

CCF: Access Failure Summary

This report provides summary information around account access failures across all logged environments.

2089

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Access Success Summary

This report provides summary information around account access successes across all logged environments.

2091

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Account Deleted Summary

This report provides detailed information when an account has access revoked (deleted) across to any logged environments. This should align with the organization's policies regarding deleted accounts.

2086

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Account Disabled Summary

This report provides detailed information when an account has access revoked (disabled) across any logged environments. This should align with the organization's policies regarding disabled accounts.

2084

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

LogMart

No

Audit

All Available Log Sources

CCF: Account Enabled Summary

This report provides detailed information when an account has access granted across to any logged environments. This should align with the organization's policies regarding enabled accounts.

2085

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

Yes

Audit

All Available Log Sources

CCF: Account Modification Summary

This report provides summary information around account modifications across all logged environments.



2092

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Applications Accessed By User Summary

This report provides information about user accessed applications.

2063

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Data Processor(s)

No

Operations

All Available Log Sources

CCF: Audit Log Summary

This report provides a summary of audit log clearing or write failures by Impacted Host.

2076

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2, 5.10.1.2.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.4.4, 5.4.5, 5.4.6, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.8.2.1, 5.8.3, 5.9.1, 5.9.1.1, 5.9.1.2, 5.9.1.3, 5.9.1.4, 5.9.1.5, 5.9.1.6, 5.9.1.7, 5.9.1.8, 5.9.2, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7),  5.15(SI-8), 5.15(SI-11), 5.15(SI-12), 5.15(SI-16), 5.15(SI-10)

Platform Manager

Yes

Audit

All Available Log Sources

CCF: Auth Failure Summary

This report provides summary information around account authentication failures across all logged environments.

2088

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7),  5.15(SI-8), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Auth Success Summary

This report provides summary information around account authentication successes across all logged environments.

2090

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

No

Audit

All Available Log Sources

CCF: Backup Activity Summary

This report provides a summary of activity from backup events.

2062

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.2.1, 5.3.2.2, 5.4.1, 5.4.1.1, 5.4.2, 5.4.5, 5.4.6, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-11), 5.15(SI-10)

Data Processor(s)

No

Operations

All Available Log Sources

CCF: Compromises Detected Summary

This report provides a summary of detected compromises of security by Entity and Impacted Host.

2064

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

LogMart

Yes

Security

All Available Log Sources

CCF: Config/Policy Change Summary

This report provides a summary of the occurrence of configuration or policy changes across critical and production environments (entity structure).

2049

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.4.5, 5.4.6, 5.7.1, 5.7.1.1, 5.8.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-16)

LogMart

Yes

Audit

All Available Log Sources

CCF: Critical Environment Error Summary

This report provides summary details around critical or error messages received from critical servers or systems (entity structure) to support change management procedures.

2050

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.4.5, 5.4.6, 5.7.1, 5.7.1.1, 5.8.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-11)

Platform Manager

Yes

Operations

All Available Log Sources

CCF: GeoIP Summary

This report summarizes GeoIP activity that is associated with AI Engine GeoIP rules, in the CCF compliance automation suite.

2069

5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

Yes

Security

All Available Log Sources

CCF: LogRhythm Data Loss Defender Log Summary

This report provides summary information on data generated by the LogRhythm Data Loss Defender.  Data is grouped by Entity, Impacted Host, Common Event, and Object with a count of how many times that condition has been experienced within the reporting period.

2066

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.1, 5.10.1.2.2, 5.10.1.3,  5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.4.5, 5.4.6, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.8.1, 5.8.3, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-12), 5.15(SI-16)

LogMart

Yes

Operations

All Available Log Sources

CCF: Malware Detected Summary

This report provides a summary of malware activity by entity and impacted host within the organization's critical and production environments (entity structure).

2051

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

Yes

Security

All Available Log Sources

CCF: Object Access Summary

This report summarizes object access by Impacted Host.

2067

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.5, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-12), 5.15(SI-16)

Data Processor(s)

No

Audit

All Available Log Sources

CCF: Patch Activity Summary

This report provides a summary of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.

2052

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.7.1, 5.7.1.1, 5.8.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-11)

Data Processor(s)

Yes

Operations

All Available Log Sources

CCF: Physical Access Summary

This report summarizes physical door access/authentication success and failures within the organization's physical security perimeter.

2053

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.5, 5.4.6, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.7.2, 5.8.1, 5.8.2.1, 5.9.1, 5.9.1.1, 5.9.1.2, 5.9.1.3, 5.9.1.4, 5.9.1.5, 5.9.1.6, 5.9.1.7, 5.9.1.8, 5.9.2

Platform Manager

Yes

Audit

All Available Log Sources

CCF: Priv Account Management Activity Summary

This report provides a summary of various access modifications to privileged accounts occurring within the defined environments.  This report requires the CCF:  Privileged Accounts (user list) be established and periodically updated.

2080

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Data Processor(s)

Yes

Audit

All Available Log Sources

CCF: Priv Authentication Activity Summary

This report provides summary information around privileged account authentication success and access success activity within the defined environment.  This report relies on CCF: Privileged Accounts (user list) to be established and updated periodically.

2079

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Platform Manager

Yes

Audit

All Available Log Sources

CCF: Rogue Access Point Summary

This report provides a summary of all detected rogue wireless access points by Impacted Host across critical and production environments (entity structure).
 

2054

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

Yes

Security

All Available Log Sources

CCF: Signature Activity Summary

This report provides summary information on signature update activity across critical and production environments (entity structure).

2055

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.7.1, 5.7.1.1, 5.8.1, 5.15(SI-2), 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-11)

LogMart

Yes

Operations

All Available Log Sources

CCF: Social Media Summary

This report provides a summary of the top URLs related to Social Media activity

2070

5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.2.1, 5.3.2.2, 5.4.1, 5.4.1.1, 5.5.2, 5.7.1.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-12), 5.15(SI-16)

Platform Manager

No

Audit

All Available Log Sources

CCF: Suspected Wireless Attack Summary

This report provides summary information on suspected wireless attacks at the internal boundary including the type if attack and impacted (targeted) host and application (if applicable).  To supplement this Summary Report consider running an Investigation to capture further information. This is based on Critical and Production environments (can be defined with entity structure).

2056

4.2.2,  5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Platform Manager

Yes

Security

All Available Log Sources

CCF: Term Account Activity Summary

This report provides a summary of authentication successes and failures from terminated accounts (list) within any logged environments. This should align with the organization's termination policy.

2087

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Data Processor(s)

Yes

Audit

All Available Log Sources

CCF: Time Sync Error Summary

This report provides a summary of time sync errors occurring within critical and production environments (can be defined with entity structure).
 

2057

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2, 5.10.1.2.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.10.4.1, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.2, 5.4.4, 5.4.5, 5.4.6, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.8.2.1, 5.8.3, 5.9.1, 5.9.1.1, 5.9.1.2, 5.9.1.3, 5.9.1.4, 5.9.1.5, 5.9.1.6, 5.9.1.7, 5.9.1.8, 5.9.2, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-11)

Platform Manager

Yes

Operations

All Available Log Sources

CCF: Top Suspicious Users

This report lists all users generating suspicious activity ordered by the number of events detected highest to lowest.
 

2059

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Data Processor(s)

Yes

Security

All Available Log Sources

CCF: Use Of Non-Encrypted Protocols Summary

This report lists any use of non-encrypted protocols.
 

2060

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2, 5.10.1.2.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-12), 5.15(SI-16)

LogMart

Yes

Audit

All Available Log Sources

CCF: User Misuse Summary

This report summarizes detected misuse by user.

2061

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8)

Platform Manager

No

Security

All Available Log Sources

CCF: User Object Access Summary

This report summarizes successful object access activity by user.

2068

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.2, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.4.5, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10), 5.15(SI-12), 5.15(SI-16)

Data Processor(s)

Yes

Audit

All Available Log Sources

CCF: User Priv Escalation (SU & SUDO) Summary

This report provides summary information specific to a user privilege level status on a Linux environment.  This report is specific to Linux based on a search for the MPE rule of SU Session Opened (flat file, SUDO log, or syslog).

2078

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Data Processor(s)

Yes

Audit

All Available Log Sources

CCF: User Priv Escalation (Windows) Summary

This report provides summary information around changes in privilege level status of a user on a critical server or workstation, specific to Windows based on event ID, security metadata field of 2.  This type of log is generated when a new process is created on a Windows machine and the token type is recorded in the object metadata field.  Audit privilege use and audit process tracking must be enabled on the Windows machine being audited.

2077

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-10)

Platform Manager

Yes

Audit

All Available Log Sources

CCF: Vulnerability Detected Summary

This report provides a summary of potential vulnerabilities detected across the critical and production environments (can be defined with entity structure).
 

2058

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.15(SI-3), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7), 5.15(SI-8), 5.15(SI-10)

Platform Manager

Yes

Security

All Available Log Sources

Detail Reports

The Intelligent Indexing settings are recommendations. The default configuration is No.

Reports

Report DescriptionID

Augmented Requirements

Data Source

Intelligent Indexing

Classification

Log Sources

CCF: Host Access Granted And Revoked Detail

This report details all access granted and revoked for production systems.2065

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.8.2.1, 5.15(SI-2), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7),  5.15(SI-8), 5.15(SI-10)

Data Processor(s)

Yes

Audit

All Available Log Sources

CCF: Unknown User Account Detail

This report provides detail of activity from unknown user accounts, based off CCF user lists.2071

4.2.2, 5.10.1, 5.10.1.1, 5.10.1.2.1, 5.10.1.3, 5.10.3.1, 5.10.3.2, 5.3.1, 5.3.2, 5.3.2.1, 5.3.2.2, 5.3.4, 5.4.1, 5.4.1.1, 5.5.1, 5.5.2, 5.5.2.1, 5.5.2.2, 5.5.2.3, 5.5.2.4, 5.5.6, 5.5.6.1, 5.7.1, 5.7.1.1, 5.7.2, 5.8.1, 5.8.2.1, 5.15(SI-2), 5.15(SI-4), 5.15(SI-4-2), 5.15(SI-4-4), 5.15(SI-4-5), 5.15(SI-5), 5.15(SI-7), 5.15(SI-7-1), 5.15(SI-7-7),  5.15(SI-8), 5.15(SI-10)

Data Processor(s)

Yes

Security

All Available Log Sources

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.