Protective Monitoring for HMG ICT Systems is defined by the Communications-Electronics Security Group's Good Practice Guide 13 (GPG-13), a framework that HMG organizations are required to follow in order to connect to the UK Government Connect Secure Extranet (GCSX). The guidance exists to give security administrators and other IT professionals an audit trail of the security- and operations-related events on their networks. The 12 Protective Monitoring Controls (PMCs) in GPG-13 describe specific requirements an organization must meet both in everyday operation and under audit. Meeting them supports IT forensics, incident response and management, and the integrity of the enterprise as a whole. LogRhythm addresses or augments each control obligation through report packages, AI Engine (AIE) rules, Investigations, and Tails.
The module and its reporting package are provided out of the box, with some customization available to fit your environment. Using the GPG-13 Advanced Compliance Suite will help you build and maintain a sound compliance program.
This guide is for LogRhythm administrators who are responsible for the security and/or compliance of their organization’s infrastructure.
This guide assumes the following:
- The GPG-13 Advanced Compliance Suite has been imported and the desired AI Engine rules are enabled.
- Appropriate log sources, such as Windows Security Events, firewalls, intrusion detection systems, and so on, have been configured for collection by LogRhythm.
- The network entity structure has been configured so that internal and external sources can be distinguished for directional traffic (inbound, outbound, internal). Consult LogRhythm support for any questions about establishing entity structure or directional traffic in the console.
- To use the included rules that monitor privileged users, the GPG-13: APP and DB Admin List has been modified to include the privileged user groups the organization wishes to monitor.
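The last two prerequisites exist so that rules can ask two questions of every event: which way is the traffic flowing relative to the organization's own networks, and is the account involved a privileged one? The following Python is an added illustration of that logic and is not LogRhythm code or configuration. The internal CIDR ranges stand in for an entity structure, the `PRIVILEGED_USERS` set stands in for the GPG-13: APP and DB Admin List, and the event records are constructed for the example; all of these names and values are assumptions, not values from the suite.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical entity structure: the organisation's internal address space.
# Constructed for this example; a real deployment takes this from the console.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Hypothetical privileged-user list, standing in for the GPG-13: APP and DB Admin List.
PRIVILEGED_USERS = {"dbadmin", "appadmin"}


@dataclass
class Event:
    """A minimal normalised log event (constructed shape, not LogRhythm's schema)."""
    src_ip: str
    dst_ip: str
    user: str
    action: str  # e.g. "logon" or "connect"
    flags: list = field(default_factory=list)


def is_internal(ip: str) -> bool:
    """True if the address falls inside any configured internal network.
    Raises ValueError for a malformed address so the caller can decide."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def direction(ev: Event) -> str:
    """Classify traffic as internal, inbound, outbound or external.
    Returns "unknown" when either address cannot be parsed; an event
    with a bad address must not silently become 'internal'."""
    try:
        src_in, dst_in = is_internal(ev.src_ip), is_internal(ev.dst_ip)
    except ValueError:
        return "unknown"
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "external"


def classify(ev: Event) -> dict:
    """Attach a direction and any privileged-user flags to the event."""
    d = direction(ev)
    flags = []
    privileged = ev.user.lower() in PRIVILEGED_USERS
    if privileged and ev.action == "logon":
        flags.append("privileged-logon")
    if privileged and d == "inbound":
        # A privileged account acting from outside the entity structure is
        # the kind of event a protective-monitoring rule would surface.
        flags.append("privileged-from-external")
    return {"direction": d, "flags": flags}


# Constructed sample events covering each branch, including a malformed address.
SAMPLE_EVENTS = [
    Event("10.1.2.3", "192.168.5.5", "alice", "connect"),
    Event("203.0.113.7", "10.1.2.3", "dbadmin", "logon"),
    Event("10.1.2.3", "198.51.100.9", "appadmin", "connect"),
    Event("not-an-ip", "10.0.0.1", "bob", "logon"),
]


def summarize(events=SAMPLE_EVENTS) -> dict:
    """Count events per direction and collect every flagged event."""
    counts, flagged = {}, []
    for ev in events:
        result = classify(ev)
        counts[result["direction"]] = counts.get(result["direction"], 0) + 1
        if result["flags"]:
            flagged.append((ev.user, result["flags"]))
    return {"counts": counts, "flagged": flagged}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.src_ip, "->", ev.dst_ip, ev.user, classify(ev))
    print(summarize())
```

The point of the `unknown` branch is the one practitioners most often get wrong: an event whose addresses cannot be resolved against the entity structure should be surfaced as unclassified rather than defaulting to a benign direction, otherwise inbound privileged activity can disappear from the reports the controls depend on.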
The guide is divided into the following sections: