GPG-13 User Guide – Reports and Reporting Packages
Reports
Malware Detected at Various Layers – boundary, internal, and hosts
This report returns a summary of events that indicate malware at the boundary, within the internal network, and at the host level. This is useful for incident response in the event that malware enters your environment. Further, continuous monitoring allows for a more proactive approach to the detection and prevention of malware.
Top Attacker Summary, Top Targeted Application Summary, Top Targeted Host Summary
This ‘Top’ report combination helps organizations identify the likely targets of malware intrusion, enabling a more proactive approach to protecting your cyber security assets to supplement GPG-13 control objective PMC11. These reports cover various layers of your infrastructure, including critical applications and hosts, and can be presented to security, operations, and executive audiences in your organization.
Audit Logging Exceptions
This report returns information about logging exceptions received from the LogRhythm console that indicate any log resets, error conditions, failures, or threshold exceptions. This reporting and the subsequent alerting give security and operations personnel the visibility to address any logging issues and ensure continuous monitoring is pursued.
Knowledge Base Content
ID | Name |
---|---|
1108 | GPG-13: Successful/Failed Malware Detected at Boundary |
1119 | GPG-13: Successful/Failed Malware Detected on Host (Server or Workstation) |
1186 | GPG-13: Suspected Internal Attack |
1205 | GPG-13: Top Attacker Summary |
1207 | GPG-13: Top Targeted Application Summary |
1208 | GPG-13: Top Targeted Host Summary |
1165 | GPG-13: Logging Exception |
Components
These reports will cover all log sources in your environment, but will specifically require logs from anti-malware systems, servers, workstations, internal boundary-enforcing devices, file integrity monitors, VPN devices, security enforcing, and vulnerability detection systems. Once configured properly, any system on which malware is detected will be captured in the GPG-13: Successful/Failed Malware Detected at Boundary or GPG-13: Successful/Failed Malware Detected on Host (Server or Workstation) reports.
How to Use These Reports
These reports provide additional data to supplement AI Engine alerts and notifications around potential malware intrusion into your network, as well as materials appropriate for executives. Combining alert notifications with reporting on potential malicious activities applies a proactive approach that reduces the time to detect and remediate potential malware and cyber-attacks.
Report Packages
GPG-13: Advanced Compliance Reports
This report package (#60) is configured to run reports established according to GPG-13 controls to supplement or support meeting these control objectives. The customer must set this reporting package to export in Microsoft 2007 Excel and define the export path. Ensure appropriate authorization and account credentials are established to enable writing to the appropriate file storage location. (Note: the current setting is to View reports after running, but this can be reconfigured according to customer needs.)
GPG-13: Advanced Compliance Exec Reporting Package
This report package (#59) is configured to run reports to be consumed at the executive level in order to supplement GPG-13 control PMC11, and provides overviews and summaries of security monitoring-related events within the environment. The customer must set this reporting package to export in Microsoft 2007 Excel and define the export path. Ensure appropriate authorization and account credentials are established to enable writing to the appropriate file storage location.
Additional reporting packages can be created by selecting the reports to be included in the package, as needed by the customer. Reporting packages can be set up to email reports to particular groups or users, load reports to a directory/folder, and run according to a desired schedule. Contact LogRhythm Support for additional assistance in setting up new reporting packages.
Knowledge Base Content
ID | Name |
---|---|
60 | GPG-13: Advanced Compliance Reports |
59 | GPG-13: Advanced Compliance Exec Reporting Package |