| List Name | ID | List Type | Description |
|---|---|---|---|
| GPG-13: All Log Sources | -2321 | Log Sources | This list should contain all log sources for the Entity concerned. |
| GPG-13: APP and DB Admin List | -2318 | User | This list includes standard accounts or groups typically with administrative-based access for production environments. |
| GPG-13: Application and Database Production Servers | -2320 | Log Sources | This list includes all in-scope, production application and database level servers within the boundary. |
| GPG-13: Approved Wireless Access Points | -2312 | Log Sources | This list includes all approved wireless access points at the boundary. |
| GPG-13: Authorized VPN Users | -2316 | Users | This list should be updated with any approved VPN users. |
| GPG-13: Critical Servers | -2341 | Log Sources | This list should only be populated with those servers classified as Critical. |
| GPG-13: Critical Workstations | -2304 | Log Sources | This list should only be populated with workstations classified as Critical. |
| GPG-13: File Integrity Monitoring | -2298 | Log Source | This list includes all production systems that generate file integrity monitoring logs, including LogRhythm File Integrity Monitor. |
| GPG-13: Host Anti-Malware | -2299 | Log Source | This list includes all host-based Anti-Malware within the internal boundary (workstations and servers). |
| GPG-13: Internal Boundary Enforcing Devices | -1034 | Log Source | This list should contain Enforcing Devices that are on the internal boundary of a network (for example, IPS). |
| GPG-13: Internal Monitoring Devices | -2319 | Log Source | This list should contain all internal Monitoring Devices (for example, IDS) inspecting traffic within an Impact Level rather than traffic traversing a security Boundary. |
| GPG-13: Internal Network Devices | -2300 | Log Source | This list includes internal network infrastructure devices, other than those devices which can be more accurately described by the lists 'Internal Monitoring Devices' and 'Internal Boundary Enforcing Devices'. |
| GPG-13: Network Connection Consoles | -2301 | Log Source | This list includes all consoles to which a network connection can be established. |
| GPG-13: Remote Access Devices | -2310 | Log Source | This list should be updated with any log sources which could include logs from remote access activity. |
| GPG-13: Security Boundary Anti-Malware Gateways | -2315 | Log Source | This list includes Anti-Malware gateway devices inspecting traffic traversing a Security Boundary. |
| GPG-13: Security Boundary Content Gateways | -2303 | Log Source | This list includes content checking gateway devices (other than 'Security Boundary Anti-Malware Gateways') inspecting traffic traversing a Security Boundary. |
| GPG-13: Security Boundary Enforcing Devices | -2307 | Log Source | This list includes devices (for example, IPS, Firewalls) enforcing separation across a security boundary. |
| GPG-13: Security Boundary Monitoring Devices | -2311 | Log Source | This list includes monitoring devices (for example, IDS) inspecting traffic traversing a security boundary. |
| GPG-13: Servers and Workstations | -2314 | Log Source | This list should contain all servers and workstations within the environment classified as both critical and non-critical. |
| GPG-13: UDLA – LREnhancedAudit | -2356 | Log Source | This list is configured to encompass UDLA LogRhythm AIE Rule changes. |
| GPG-13: VPN Devices | -2322 | Log Source | This list should be updated to contain all VPN or related devices/clients. |
| GPG-13: Wireless IDS | -2317 | Log Source | This list includes all Wireless Intrusion Detection Systems/Services (WIDS) within the boundary. |