
GPG-13 User Guide – Investigations


Investigations can further assist in gathering vital information about security events, or simply in learning about the environment, processes, and activities. The GPG-13: Internal Boundary Monitoring Device Change investigation can be part of a change control process: it identifies configuration changes and helps you understand the nature of each change, whether or not the change was appropriate, and its implications for GPG-13 compliance. Custom investigations can be configured in addition to those included within this module.

Log Requirements

Log sources that must be collected from the environment include, but are not limited to:

  • Windows Security Events or Unix host logs
  • Boundary and internal security devices, both network and host-based, that can identify attack events
  • Authentication logs
  • Anti-Virus Software
  • Firewalls
  • VPN & Wireless IDS Devices
  • File Integrity Monitoring
  • Servers and workstations
  • Production Applications and Databases

Knowledge Base Content

ID     Name
295    GPG-13: Network Account Privilege/Group Change (Windows)

Actions

Investigations are used to pull additional details from the log source about particular events of interest. The GPG-13: Network Account Privilege/Group Change (Windows) investigation can be used to track authorized and unauthorized network privilege or group assignment changes throughout the environment. The investigation supplements existing user access management procedures, ensuring that only appropriate access provisioning is implemented within the network and that the risk of unauthorized access changes is limited.

