GPG-13 – Lists
| List Name | ID | List Type | Description |
|---|---|---|---|
| GPG-13: All Log Sources | -2321 | Log Sources | This list should contain all log sources for the Entity concerned. |
| GPG-13: APP and DB Admin List | -2318 | User | This list includes standard accounts or groups typically with administrative-based access for production environments. |
| GPG-13: Application and Database Production Servers | -2320 | Log Sources | This list includes all in-scope, production application and database level servers within the boundary. |
| GPG-13: Approved Wireless Access Points | -2312 | Log Sources | This list includes all approved wireless access points at the boundary. |
| GPG-13: Authorized VPN Users | -2316 | Users | This list should be updated with any approved VPN users. |
| GPG-13: Critical Servers | -2341 | Log Sources | This list should only be populated with those servers classified as Critical. |
| GPG-13: Critical Workstations | -2304 | Log Sources | This list should only be populated with workstations classified as Critical. |
| GPG-13: File Integrity Monitoring | -2298 | Log Source | This list includes all production systems that generate file integrity monitoring logs, including LogRhythm File Integrity Monitor. |
| GPG-13: Host Anti-Malware | -2299 | Log Source | This list includes all host-based Anti-Malware within the internal boundary (workstations and servers). |
| GPG-13: Internal Boundary Enforcing Devices | -1034 | Log Source | This list should contain Enforcing Devices that are on the internal boundary of a network (for example, IPS). |
| GPG-13: Internal Monitoring Devices | -2319 | Log Source | This list should contain all internal Monitoring Devices (for example, IDS) inspecting traffic within an Impact Level rather than traffic traversing a security Boundary. |
| GPG-13: Internal Network Devices | -2300 | Log Source | This list includes internal network infrastructure devices other than those that can be more accurately described by the lists 'Internal Monitoring Devices' and 'Internal Boundary Enforcing Devices'. |
| GPG-13: Network Connection Consoles | -2301 | Log Source | This list includes all consoles to which a network connection can be established. |
| GPG-13: Remote Access Devices | -2310 | Log Source | This list should be updated with any log sources which could include logs from remote access activity. |
| GPG-13: Security Boundary Anti-Malware Gateways | -2315 | Log Source | This list includes Anti-Malware gateway devices inspecting traffic traversing a Security Boundary. |
| GPG-13: Security Boundary Content Gateways | -2303 | Log Source | This list includes content checking gateway devices (other than 'Security Boundary Anti-Malware Gateways') inspecting traffic traversing a Security Boundary. |
| GPG-13: Security Boundary Enforcing Devices | -2307 | Log Source | This list includes devices (for example, IPS, Firewalls) enforcing separation across a security boundary. |
| GPG-13: Security Boundary Monitoring Devices | -2311 | Log Source | This list includes monitoring devices (for example, IDS) inspecting traffic traversing a security boundary. |
| GPG-13: Servers and Workstations | -2314 | Log Source | This list should contain all servers and workstations within the environment classified as both critical and non-critical. |
| GPG-13: UDLA – LREnhancedAudit | -2356 | Log Source | This list is configured to encompass UDLA LogRhythm AIE Rule changes. |
| GPG-13: VPN Devices | -2322 | Log Source | This list should be updated to contain all VPN or related devices/clients. |
| GPG-13: Wireless IDS | -2317 | Log Source | This list includes all Wireless Intrusion Detection Systems/Services (WIDS) within the boundary. |