MAS-TRMG – Investigations
Investigations | ID | Description | Directly Meet Requirements | Augment Requirements | Data Source | Intelligent Indexing | Classifications | Log Sources |
---|---|---|---|---|---|---|---|---|
MAS: Physical Access Inv | 504 | This investigation provides details of physical access success and failure activity for Critical and Production environments (entity structure). | 10.2.4, 12.1.4 | 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4 | Data Processor | Yes, No, Yes, No | Audit : Access Failure, Audit : Access Success, Audit : Authentication Failure, Audit : Authentication Success | MAS: Physical Security Systems |
MAS: Non-Encrypted Protocol Inv | 503 | This investigation provides details of unencrypted applications being utilized within the critical, production, and online banking systems environments (entity structure). | 7.4.3 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.3 | Data Processor | Yes | Operations : Information | All Log Sources |
MAS: Data Loss Prevention Inv | 505 | This investigation provides detailed information regarding data loss prevention activities identified through configured AIE rules. | 7.4.3, 9.6.6, 12.1.4, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Information | MAS: Data Loss Prevention |
MAS: Acct Created, Used, Deleted Inv | 506 | The following investigation provides detailed information around the configured AIE rule identifying accounts created, used and deleted within the Critical and Production environments (entity structure). | 7.4.3, 9.6.6, 11.1.3 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Platform Manager | Yes | Security : Suspicious | All Log Sources |
MAS: Account Created Inv | 507 | This investigation provides detailed information pertaining to any account created that has not been allocated to a defined MAS user account list in Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Account Created | All Log Sources |
MAS: Priv Acct Auth Failure Inv | 508 | This investigation provides detailed information around privileged account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: Priv Acct Auth Success Inv | 509 | This investigation provides detailed information around privileged account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: Priv Acct UAM Inv | 510 | This investigation provides detail of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: Priv Acct Access Success Inv | 511 | This investigation provides detailed information around access success for privileged accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: Priv Acct Access Failure Inv | 512 | This investigation provides detailed information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: Priv Acct Disabled/Enabled Inv | 513 | This investigation provides detailed information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: Vendor Acct Authentication Failure Inv | 514 | This investigation provides detailed information around vendor account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: Vendor Acct Authentication Success Inv | 515 | This investigation provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: Vendor Acct Access Failure Inv | 516 | This investigation provides detailed information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: Shared Acct Access Success Inv | 517 | This investigation provides detailed information around access success for shared accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: Vendor Acct Access Success Inv | 518 | This investigation provides detailed information around access success for vendor accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: Vendor Acct Disabled/Enabled Inv | 519 | This investigation provides detailed information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: Default Acct Disabled/Enabled Inv | 520 | This investigation provides detailed information when a default and generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: Vendor Acct UAM Inv | 521 | This investigation provides detail of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: Default Acct Authentication Failure Inv | 522 | This investigation provides detailed information around default and generic account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: Default Acct Authentication Success Inv | 523 | This investigation provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: Default Acct Access Failure Inv | 524 | This investigation provides detailed information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: Default Acct Access Success Inv | 525 | This investigation provides detailed information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: Default Acct UAM Inv | 526 | This investigation provides detail of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: Shared Acct Authentication Failure Inv | 527 | This investigation provides detailed information around shared account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: Shared Acct Authentication Success Inv | 528 | This investigation provides detailed information around shared account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: Shared Acct Access Failure Inv | 529 | This investigation provides detailed information around access failures for shared accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: Shared Acct Disabled/Enabled Inv | 530 | This investigation provides detailed information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: Shared Acct UAM Inv | 531 | This investigation provides detail of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: BU Acct Authentication Failure Inv | 532 | This investigation provides detailed information around business user account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: BU Acct Authentication Success Inv | 533 | This investigation provides detailed information around business user account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: BU Acct Access Failure Inv | 534 | This investigation provides detailed information around access failures for business user accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: HR Payroll Acct Accs Failure Inv | 535 | This investigation provides detailed information around access failures for HR or payroll accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: BU Acct Access Success Inv | 536 | This investigation provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, .6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: BU Acct Disabled/Enabled Inv | 537 | This investigation provides detailed information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: BU Acct UAM Inv | 538 | This investigation provides detail of various access modifications to business user accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: IT Acct Authentication Failure Inv | 539 | This investigation provides detailed information around IT user account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: IT Acct Authentication Success Inv | 540 | This investigation provides detailed information around IT user account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Authentication Success | All Log Sources |
MAS: IT Acct Access Failure Inv | 541 | This investigation provides detailed information around access failures for IT user accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: IT Acct Access Success Inv | 542 | This investigation provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: IT Acct Disabled/Enabled Inv | 543 | This investigation provides detailed information when an IT user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: IT Acct UAM Inv | 544 | This investigation provides detail of various access modifications to IT user accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: Terminated User Authentication Activity Inv | 545 | This investigation provides detailed information around access success and failures for terminated accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes, No | Audit : Authentication Failure, Audit : Authentication Success | All Log Sources |
MAS: Terminated User Access Activity Inv | 546 | This investigation provides detailed information around terminated account access successes and failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6 | Data Processor | Yes, No | Audit : Access Failure, Audit : Access Success | All Log Sources |
MAS: HR Payroll Acct Auth Failure Inv | 547 | This investigation provides detailed information around HR or payroll account authentication failures across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: HR Payroll Acct Auth Success Inv | 548 | This investigation provides detailed information around HR or payroll account authentication successes across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: HR Payroll Acct Accs Success Inv | 549 | This investigation provides detailed information around access success for HR or payroll accounts (list) within the Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: HR Payroll Acct Disable/Enable Inv | 550 | This investigation provides detailed information when an HR or payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6 | Platform Manager | Yes | Audit : Access Granted, Audit : Access Revoked | MAS: Network Access Control Systems |
MAS: HR Payroll Acct UAM Inv | 551 | This investigation provides detail of various access modifications to HR or payroll accounts (list) occurring within Critical or Production environments (entity structure). | 11.1.3 | 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6 | Data Processor | Yes | Audit : Account Modified | MAS: Network Access Control Systems |
MAS: TST Environment Error Inv | 552 | This investigation provides details around critical or error messages received from test servers or systems (entity structure) to support change management procedures. | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Platform Manager | Yes | Operations : Critical, Operations : Error | All Log Sources |
MAS: TST Authentication Success Inv | 553 | This investigation provides detailed information around account authentication successes across Test environments (entity structure). | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: TST Authentication Failure Inv | 554 | This investigation provides detailed information around account authentication failures across Test environments (entity structure). | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Platform Manager | Yes | Audit : Authentication Failure | All Log Sources |
MAS: TST Access Success Inv | 555 | This investigation provides detailed information around access success for accounts (list) within the Test environments (entity structure). | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: TST Access Failure Inv | 556 | This investigation provides detailed information around access failures for accounts (list) within the Test environments (entity structure). | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: TST Priv Acct Authentication Inv | 557 | This investigation provides detailed information around account authentication successes and failures across Test environments (entity structure). | N/A | 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2 | Data Processor | No, Yes | Audit : Authentication Success, Audit : Authentication Failure | All Log Sources |
MAS: Critical Environment Error Inv | 558 | This investigation provides details around critical or error messages received from critical servers or systems (entity structure) to support change management procedures. | 7.4.3, 9.6.6 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3 | Platform Manager | Yes | Operations : Critical, Operations : Error | All Log Sources |
MAS: Production Environment Error Inv | 559 | This investigation provides details around critical or error messages received from production servers or systems (entity structure) to support change management procedures. | 7.4.3, 9.6.6 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3 | Platform Manager | Yes | Operations : Critical, Operations : Error | All Log Sources |
MAS: LogRhythm Silent Log Source Error Inv | 560 | This investigation provides detailed information when a LogRhythm Log Source has not received logs during the defined error period, for critical, production, and online banking environments (entity structure). | 7.4.3, 9.6.6, 12.1.4, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Warning | All Log Sources |
MAS: Backup Failure/Error Inv | 561 | This investigation provides detail of critical and error messages received from backup software (log source list) across critical, production, and online banking environments (entity structure). | 7.4.3, 9.6.6, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Critical, Operations : Error | MAS: Backup Servers- Systems |
MAS: Backup Activity Inv | 562 | This investigation provides detail of activity from backup software (log source list) across critical, production, and online banking environments (entity structure). | 7.4.3, 9.6.6, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Data Processor | Yes | Operations : Information | MAS: Backup Servers- Systems |
MAS: FIM Activity Inv | 563 | This investigation provides detail of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions. | 7.4.3, 9.6.6, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Data Processor | Yes for FIM | Operations : Information | MAS: File Integrity Monitors |
MAS: FIM Critical/Error/Information Inv | 502 | This investigation provides details of critical failures, errors, and information from file integrity monitoring software across critical, production, and online banking systems environments (entity structure). | 7.4.3, 9.6.6, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Critical, Operations : Error | MAS: File Integrity Monitors |
MAS: Config/Policy Change Inv | 564 | This investigation provides details of the occurrence of configuration or policy changes within critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Data Processor | Yes | Audit : Configuration, Audit : Policy | All Log Sources |
MAS: *NIX Hosts Configuration Change Inv | 565 | This investigation provides detail of configuration changes and policy modifications on production *NIX hosts across critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Data Processor | Yes | Audit : Configuration | All Log Sources |
MAS: Windows Hosts Configuration Change Inv | 566 | This investigation provides detail of configuration changes and policy modifications on Windows hosts across critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Audit : Configuration | All Log Sources |
MAS: Patch Applied Inv | 567 | This investigation provides detail of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed. | 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Data Processor | Yes | Operations : Information | All Log Sources |
MAS: Patch Failure Inv | 568 | This investigation provides detailed information around patch failure log messages received across critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Error | All Log Sources |
MAS: Signature Update Inv | 569 | This investigation provides details on signature update activity across critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Information | All Log Sources |
MAS: Signature Failure Inv | 570 | This investigation provides details of signature failure messages received from critical, production, and online banking environments (entity structure). | 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Error | All Log Sources |
MAS: Time Sync Error Inv | 571 | This investigation provides details of time sync errors occurring within critical, production, and online banking environments (entity structure). | 7.4.3, 9.6.6, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Warning | All Log Sources |
MAS: Malware Detected Inv | 572 | This investigation provides detail of malware activity by entity and impacted host within the organization's critical, production, and online banking environments. | 7.4.3, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Security : Malware | MAS: Malware Prevention Systems |
MAS: Vulnerability Detected Inv | 573 | This investigation provides detail of potential vulnerabilities detected across the critical, production, and online banking environments (entity structure). | 7.4.3, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Security : Vulnerability | MAS: Network Security Systems |
MAS: Attack Detected Inv | 574 | This investigation provides detailed information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical, production, and online banking environments (entity structure). | 7.4.3, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Security : Attack | MAS: Network Security Systems |
MAS: Rogue Access Point Inv | 575 | This investigation provides detail of all detected rogue wireless access points by Impacted Host across critical, production, and online banking environments (entity structure). | 7.4.3, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4 | Platform Manager | Yes | Security : Suspicious | MAS: Network Security Systems |
MAS: Audit Log Inv | 576 | This investigation provides detailed information on the occurrence of audit log write failures or when an audit log is cleared. | 7.4.3, 9.6.6, 12.1.4, 12.1.9 | 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Audit | All Log Sources |
MAS: Discovered Wireless Access Activity Inv | 577 | This investigation provides detailed information around discovered wireless access points grouped by Common Event and identifies rogue wireless access points. This is impacted by Critical and Production environments (entity structure). | 7.4.3 | 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3 | Platform Manager | Yes | Security : Suspicious | MAS: Wireless IDS |
MAS: Suspicious Door Access Inv | 578 | This investigation provides detailed information around the AIE rule where suspicious door activities have taken place. Within the report criteria, customers should define the log source that correlates with their physical security system(s). | 10.2.4, 12.1.4 | 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4 | Platform Manager | Yes | Security : Suspicious | MAS: Physical Security Systems |
MAS: Suspected Wireless Attack Inv | 579 | This investigation provides detailed information on suspected wireless attacks at the internal boundary including the type of attack and impacted (targeted) host and application (if applicable). To supplement this report, consider running an Investigation to capture further information. This is based on Critical and Production environments (entity structure). | 7.4.3 | 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3 | Platform Manager | Yes | Security : Suspicious | MAS: Wireless IDS |
MAS: Online Banking Error Inv | 580 | This investigation provides summary details around critical or error messages received from Online Banking servers or systems (entity structure) to support change management procedures. | 12.1.4, 12.1.9 | 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Platform Manager | Yes | Operations : Critical, Operations : Error | All Log Sources |
MAS: Online Banking Auth Success Inv | 581 | This investigation provides detailed information around account authentication successes across Online Banking environments (entity structure). | 12.1.4 | 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Data Processor | No | Audit : Authentication Success | All Log Sources |
MAS: Online Banking Auth Failure Inv | 582 | This investigation provides detailed information around account authentication failures across Online Banking environments (entity structure). | 12.1.4 | 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Data Processor | Yes | Audit : Authentication Failure | All Log Sources |
MAS: Online Banking Access Success Inv | 583 | This investigation provides detailed information around access success for accounts within the Online Banking environments (entity structure). | 12.1.4 | 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Data Processor | No | Audit : Access Success | All Log Sources |
MAS: Online Banking Access Failure Inv | 584 | This investigation provides detailed information around access failures for accounts within the Online Banking environments (entity structure). | 12.1.4 | 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4 | Data Processor | Yes | Audit : Access Failure | All Log Sources |
MAS: System Startup/Shutdown Inv | 585 | This investigation provides details of system startup/shutdown activity by impacted host within the organization's critical, production, and online banking environments (entity structure). | 7.4.3 | 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3 | Data Processor | No | Operations : Information | MAS: All Log Sources |