KSA-ECC – Reports and Reporting Packages
| Report Name | Report ID | Control Support | Data Source | Log Sources |
|---|---|---|---|---|
| CCF: Applications Accessed By User Summary | 2063 | 1.8.3, 2.7.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Audit Log Summary | 2076 | 1.8.3, 2.15.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Backup Activity Summary | 2062 | 1.8.3, 2.3.3, 2.9.3, 3.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Compromises Detected Summary | 2064 | 1.8.3, 2.3.3, 2.5.3, 2.10.3, 2.13.13, 2.15.3, 3.1.3, 5.1.3 | LogMart | All Available Log Sources |
| CCF: Config/Policy Change Summary | 2049 | 1.8.3, 2.3.3, 2.4.3, 2.5.3, 2.8.3, 2.10.3, 2.15.3, 3.1.3, 5.1.3 | LogMart | All Available Log Sources |
| CCF: Critical Environment Error Summary | 2050 | 1.8.3, 2.3.3, 2.4.3, 2.5.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: GeoIP Summary | 2069 | 1.8.3, 2.5.3, 4.2.3 | Platform Manager | All Available Log Sources |
| CCF: LogRhythm Data Loss Defender Log Summary | 2066 | 1.8.3, 2.7.3 | LogMart | All Available Log Sources |
| CCF: Malware Detected Summary | 2051 | 1.8.3, 2.3.3, 2.10.3, 2.13.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Object Access Summary | 2067 | 1.8.3, 2.3.3, 2.7.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Patch Activity Summary | 2052 | 1.6.3, 1.8.3, 2.10.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Physical Access Summary | 2053 | 1.8.3, 2.14.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Priv Account Management Activity Summary | 2080 | 1.8.3, 2.2.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Priv Authentication Activity Summary | 2079 | 1.8.3, 2.2.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Rogue Access Point Summary | 2054 | 1.8.3, 2.2.3, 2.3.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Signature Activity Summary | 2055 | 1.6.3, 1.8.3, 2.3.3, 2.5.3, 3.1.3 | LogMart | All Available Log Sources |
| CCF: Social Media Summary | 2070 | 1.8.3, 2.3.3, 3.1.3 | Platform Manager | All Available Log Sources |
| CCF: Suspected Wireless Attack Summary | 2056 | 1.8.3, 2.3.3, 2.5.3, 2.13.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: Time Sync Error Summary | 2057 | 1.8.3, 3.1.3 | Platform Manager | All Available Log Sources |
| CCF: Top Suspicious Users | 2059 | 1.8.3, 2.2.3, 3.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Use Of Non-Encrypted Protocols Summary | 2060 | 1.8.3, 2.5.3, 2.8.3, 2.15.3, 3.1.3, 5.1.3 | LogMart | All Available Log Sources |
| CCF: User Misuse Summary | 2061 | 1.8.3, 2.2.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
| CCF: User Priv Escalation (SU & SUDO) Summary | 2078 | 1.8.3, 2.2.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: User Priv Escalation (Windows) Summary | 2077 | 1.8.3, 2.2.3, 3.1.3, 5.1.3 | Data Processor(s) | All Available Log Sources |
| CCF: Vulnerability Detected Summary | 2058 | 1.6.2, 1.6.3, 1.8.3, 2.3.3, 2.5.3, 2.10.3, 3.1.3, 5.1.3 | Platform Manager | All Available Log Sources |
Report Package Name | Report Package ID | Description |
|---|---|---|
| CCF: Daily IT Operations Reporting Package | 89 | This Reporting Package is a template to deliver pertinent content for IT Operations on a daily basis. |
| CCF: Daily IT Security Reporting Package | 90 | This Reporting Package is a template to deliver pertinent content for IT Security on a daily basis. |
| CCF: Executive Reporting Package | 87 | This reporting package is a template to deliver pertinent content for Executives on a monthly basis. |
| CCF: Weekly Audit Reporting Package | 88 | This Reporting Package is a template to deliver pertinent content for Internal and/or External Audit groups on a weekly basis |