MAS-TRMG – Reports and Reporting Packages

MAS: Physical Access Summary

This report summarizes physical door access/authentication success and failures within the organization's physical security perimeter.

Direct: 10.2.4, 12.1.4

Augment: 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4

1675

Platform Manager

Yes, No, Yes, No

Access Failure, Access Success, Authentication Failure, Authentication Success

MAS: Physical Security Systems

MAS: Non-Encrypted Protocol Summary

This report provides a summary of non-encrypted protocols seen on the network grouped by Impacted Application.

Direct: 7.4.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.3

1676

Data Processor

Yes

Operations : Information

All Log Sources

MAS: FIM Critical/Error/Information Summary

This report provides a summary of critical failures, errors, and information from file integrity monitoring software for both LogRhythm FIM and other FIM solutions.

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1677

Platform Manager

Yes

Operations : Critical, Operations : Error

MAS: File Integrity Monitors

MAS: Data Loss Prevention Summary

This report provides summary information regarding data loss prevention activities identified through configured AIE rules.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1678

Platform Manager

Yes

Audit

All Log Sources

MAS: FIM Activity Summary

This report provides a summary of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions.

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1679

Data Processor

Yes for FIM

Operations

MAS: File Integrity Monitors

MAS: Acct Created, Used, Deleted Summary

This report provides summary information for any instance where an internal account is created, used and then deleted. This is driven by configured AIE rule(s).

Direct: 7.4.3, 9.6.6, 11.1.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1680

Platform Manager

Yes

Security : Suspicious

All Log Sources

MAS: Account Created Summary

This report provides summary information around account creations as compared to existing user lists within LogRhythm and supplements User Access Management activities.

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1681

Platform Manager

Yes

Audit : Account Created

MAS: Network Access Control Systems

MAS: Top Applications Experiencing Errors Summary

This report provides a summary of applications experiencing errors by highest log count for Critical, Production, and Online Banking environments (entity structure).

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3

1682

Log Mart

Yes

Audit

All Log Sources

MAS: Top Hosts Experiencing Errors Summary

This report provides a summary of hosts experiencing errors by highest log count for Critical, Production, and Online Banking environments (entity structure).

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3

1683

Log Mart

Yes

Audit

All Log Sources

MAS: Top Attacker Summary

This report summarizes security activity (activity, attack, compromise, denial of service, failed activity, failed attack, failed denial of service, failed malware, failed misuse, failed suspicious, malware, misuse, reconnaissance, suspicious, vulnerability) by Origin Host. This is applicable to Critical, Production, and Online Banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1684

Log Mart

Yes

Security

All Log Sources

MAS: Top Suspicious Users Summary

This report lists all users generating suspicious activity ordered by the number of events (high to low) for Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1685

Data Processor

Yes

Security

All Log Sources

MAS: Top Suspicious Login Summary

This report summarizes security activity (activity, attack, compromise, denial of service, failed activity, failed attack, failed denial of service, failed malware, failed misuse, failed suspicious, malware, misuse, reconnaissance, suspicious, vulnerability) by User (Origin). This report is based on Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1686

Data Processor

Yes

Security

All Log Sources

MAS: Top Targeted Application Summary

This report summarizes security activity (activity, attack, compromise, denial of service, failed activity, failed attack, failed denial of service, failed malware, failed misuse, failed suspicious, malware, misuse, reconnaissance, suspicious, vulnerability) by Impacted Application. This report is configured to run against Critical, Production, and Online Banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1687

Data Processor

Yes

Security

All Log Sources

MAS: Top Targeted Host Summary

This report provides a summary overview of top targeted systems according by impacted host. The report is configured to report on these activities across Critical, Production, and Online Banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1688

Data Processor

Yes

Security

All Log Sources

MAS: Usage Auditing Activity Summary

The following report provides summary information around usage activity by user and is configured against Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1689

Platform Manager

Yes

Audit

All Log Sources

MAS: Priv Acct Auth Failure Summary

This report provides summary information around privileged account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1690

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Priv Acct Auth Success Summary

This report provides summary information around privileged account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1691

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: Priv Acct UAM Summary

This report provides a summary of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1692

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Priv Acct Access Success Summary

This report provides summary information around access success for privileged accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1693

Log Mart

No

Audit : Access Success

All Log Sources

MAS: Priv Acct Access Failure Summary

This report provides summary information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1694

Platform Manager

Yes

Audit : Acces Failure

All Log Sources

MAS: Priv Acct Disabled/Enabled Summary

This report provides summary information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1695

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Vendor Acct Authentication Failure Summary

This report provides summary information around vendor account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1696

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Vendor Acct Authentication Success Summary

This report provides summary information around vendor account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1697

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: Vendor Acct Access Failure Summary

This report provides summary information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1698

Platform Manager

Yes

Audit: Access Failure

All Log Sources

MAS: Vendor Acct Access Success Summary

This report provides summary information around access success for vendor accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1699

Log Mart

No

Audit : Access Success

All Log Sources

MAS: Vendor Acct Disabled/Enabled Summary

This report provides summary information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1700

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Vendor Acct UAM Summary

This report provides a summary of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1701

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Default Acct Authentication Failure Summary

This report provides summary information around default and generic account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1702

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Default Acct Authentication Success Summary

This report provides summary information around default and generic account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1703

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: Default Acct Access Failure Summary

This report provides summary information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1704

Platform Manager

Yes

Audit : Access Failure

All Log Sources

MAS: Default Acct Access Success Summary

This report provides summary information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1705

Log Mart

No

Audit : Access Failure

All Log Sources

MAS: Default Acct Disabled/Enabled Summary

This report provides summary information when a default or generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1706

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Default Acct UAM Summary

This report provides a summary of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1707

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Shared Acct Authentication Failure Summary

This report provides summary information around shared account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1708

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Shared Acct Authentication Success Summary

This report provides summary information around shared account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1709

Log Mart

No

Audit : Authenticaiton Success

All Log Sources

MAS: Shared Acct Access Failure Summary

This report provides summary information around access failures for shared accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1710

Platform Manager

Yes

Audit : Access Failure

All Log Sources

MAS: Shared Acct Access Success Summary

This report provides summary information around access success for shared accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1711

Log Mart

No

Audit : Access Success

All Log Sources

MAS: Shared Acct Disabled/Enabled Summary

This report provides summary information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1712

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Shared Acct UAM Summary

This report provides a summary of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1713

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: BU Acct Authentication Failure Summary

This report provides summary information around business user account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1714

Platform Manager

Yes

Audit : Authenticaiton Failure

All Log Sources

MAS: BU Acct Authentication Success Summary

This report provides summary information around business user account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1715

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: BU Acct Access Failure Summary

This report provides summary information around access failures for business user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1716

Platform Manager

Yes

Audit : Access Failure

All Log Sources

MAS: BU Acct Access Success Summary

This report provides summary information around access success for business user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1717

Log Mart

No

Audit : Access Success

All Log Sources

MAS: BU Acct Disabled/Enabled Summary

This report provides summary information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1718

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: BU Acct UAM Summary

This report provides a summary of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1719

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: IT Acct Authentication Failure Summary

This report provides summary information around IT user account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1720

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: IT Acct Authentication Success Summary

This report provides summary information around IT user account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1721

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: IT Acct Access Failure Summary

This report provides summary information around access failures for IT user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1722

Platform Manager

Yes

Audit : Access Failure

All Log Sources

MAS: IT Acct Access Success Summary

This report provides summary information around access success for IT user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1723

Log Mart

No

Audit : Access Success

All Log Sources

MAS: IT Acct Disabled/Enabled Summary

This report provides summary information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1724

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: IT Acct UAM Summary

This report provides a summary of various access modifications to IT user accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1725

Data Processor

Yes

Audit : Account Modification

MAS: Network Access Control Systems

MAS: Terminated User Access Activity Summary

This report provides a summary of access success and failures from terminated accounts (list) within Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1726

Data Processor

No, Yes

Access Success, Access Failure

All Log Sources

MAS: Terminated User Auth Activity Summary

This report provides a summary of authentication successes and failures from terminated accounts (list) within Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1727

Data Processor

No, Yes

Authentication Success, Authentication Failure

All Log Sources

MAS: HR Payroll Acct Auth Failure Summary

This report provides summary information around HR or Payroll account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1728

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: HR Payroll Acct Auth Success Summary

This report provides summary information around HR or Payroll account (list) authentication success across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1729

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: HR Payroll Acct Accs Failure Summary

This report provides summary information around access failures for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1730

Platform Manager

Yes

Audit : Access Failure

All Log Sources

MAS: HR Payroll Acct Accs Success Summary

This report provides summary information around access success for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1731

Log Mart

No

Audit : Access Success

All Log Sources

MAS: HR Payroll Acct Disable/Enable Summary

This report provides summary information when an HR or Payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1732

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: HR Payroll Acct UAM Summary

This report provides a summary of various access modifications to HR or Payroll accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1733

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: TST Environment Error Summary

This report provides summary details around critical or error messages received from test servers or systems (entity structure) to support change management procedures.

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1734

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: TST Authentication Success Summary

This report provides summary information around authentication success across test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1735

Log Mart

No

Audit : Authenticaiton Success

All Log Sources

MAS: TST Authentication Failure Summary

This report provides summary information around authentication failures across test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1736

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: TST Access Success Summary

This report provides summary information around access success for accounts within the test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1737

Log Mart

No

Audit : Access Success

All Log Sources

MAS: TST Priv Acct Authentication Summary

This report provides summary information around authentication success and failures for defined privileged accounts (list) within the test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1738

Data Processor

No, Yes

Authentication Success, Authentication Failure

All Log Sources

MAS: TST Access Failure Summary

This report provides summary information around access failures for accounts within the test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1739

Platform Manager

Yes

Access Failure

All Log Sources

MAS: Critical Environment Error Summary

This report provides summary details around critical or error messages received from critical servers or systems (entity structure) to support change management procedures.

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3

1740

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: Production Environment Error Summary

This report provides summary details around critical or error messages received from production servers or systems (entity structure) to support change management procedures.

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3

1741

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: LogRhythm Silent Log Source Error Summary

This report provides summary information when a LogRhythm Log Source has not received logs during the defined error period, for critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1742

Platform Manager

Yes

Operations : Warning

All Log Sources

MAS: Backup Activity Summary

This report provides a summary of activity from backup software (log source list) across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1743

Data Processor

Yes

Operations : Information

MAS: Backup Servers-Systems

MAS: Backup Failure/Error Summary

This report provides a summary of critical and error messages received from backup software (log source list) across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1744

Data Processor

Yes

Operations : Critical

MAS: Backup Servers-Systems

MAS: Config/Policy Change Summary

This report provides a summary of the occurrence of configuration or policy changes across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1745

Log Mart

Yes

Audit : Policy Audit : Configuration

All Log Sources

MAS: *NIX Hosts Configuration Change Summary

This report provides a summary account of configuration changes and policy modifications on production *NIX hosts across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1746

Data Processor

Yes

Audit : Configuration

All Log Sources

MAS: Windows Hosts Configuration Change Summary

This report provides a summary account of configuration changes and policy modifications on Windows hosts across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1747

Platform Manager

Yes

Audit : Configuration

All Log Sources

MAS: Patch Failure Summary

This report provides summary information around patch failure log messages received across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1748

Platform Manager

Yes

Operations : Error

All Log Sources

MAS: Patch Applied Summary

This report provides a summary of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1749

Data Processor

Yes

Operations : Information

All Log Sources

MAS: Signature Failure Summary

This report provides a summary of signature failure messages received from critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1750

Platform Manager

Yes

Operations : Error

All Log Sources

MAS: Signature Update Summary

This report provides summary information on signature update activity across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1751

Log Mart

Yes

Operations : Information

All Log Sources

MAS: Time Sync Error Summary

This report provides a summary of time sync errors occurring within critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1752

Platform Manager

Yes

Operations : Warning

All Log Sources

MAS: System Startup And Shutdown Summary

This report provides a summary of system startup/shutdown activity by impacted host within the organization's critical, production, and online banking environments (entity structure).

Direct: 7.4.3

Augment: 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3

1753

Log Mart

No

Operations : Information

All Log Sources

MAS: Malware Detected Summary

This report provides a summary of malware activity by entity and impacted host within the organization's critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1754

Platform Manager

No

Security : Malware

MAS: Malware Prevention Systems

MAS: Vulnerability Detected Summary

This report provides a summary of potential vulnerabilities detected across the critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1755

Platform Manager

Yes

Security : Vulnerability

MAS: Network Security Systems

MAS: Attack Detected Summary

This report provides summary information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1756

Platform Manager

Yes

Security : Attack

MAS: Network Security Systems

MAS: Rogue Access Point Summary

This report provides a summary of all detected rogue wireless access points by Impacted Host across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1 ,9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 2.2.4

1757

Platform Manager

Yes

Security : Suspicious

MAS: Network Security Systems

MAS: Log Volume by Log Source Summary

This report provides a summary of log management statistics by log source.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3,12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1758

Platform Manager

Yes

Operations

All Log Sources

MAS: Log Volume by Entity Summary

This report provides a summary of log management statistics by entity.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1759

Platform Manager

Yes

Operations

All Log Sources

MAS: Audit Log Summary

This report provides summary information on the occurrence of audit log write failures or when an audit log is cleared.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1760

Log Mart

Yes

Audit

All Log Sources

MAS: Discovered Wireless Access Activity Summary

This report provides summary information around discovered wireless access points grouped by Common Event and identify rogue wireless access points. This is impacted by Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1761

Platform Manager

Yes

Security : Suspicious

MAS: Wireless IDS

MAS: Suspected Wireless Attack Summary

This report provides summary information on suspected wireless attacks at the internal boundary including the type if attack and impacted (targeted) host and application (if applicable). To supplement this Summary Report consider running an Investigation to capture further information. This is based on Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1762

Platform Manager

Yes

Security : Suspicious

MAS: Wireless IDS

MAS: Suspicious Door Access Summary

This report provides summary information around the AIE rule where suspicious door activities have taken place. Within the report criteria, customers should define the log source that correlates with their physical security system(s).

Direct: 10.2.4, 12.1.4

Augment: 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4

1763

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: Online Banking Auth Success Summary

This report provides summary information around authentication success across Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1764

Log Mart

No

Audit : Authentication Success

All Log Sources

MAS: Online Banking Auth Failure Summary

This report provides summary information around authentication failures across Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1765

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Online Banking Access Success Summary

This report provides summary information around access success for accounts within the Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1766

Log Mart

No

Audit : Access Success

All Log Sources

MAS: Online Banking Access Failure Summary

This report provides summary information around access failures for accounts within the Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1767

Platform Manager

Yes

Audit : Access Failure

All Log Sources

Direct: 12.1.4, 12.1.9

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

MAS: Physical Access Detail

This report provides details of physical access success and failure activity for Critical and Production environments (entity structure).

Direct: 10.2.4, 12.1.4

Augment: 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4

1768

Data Processor

Yes, No, Yes, No

Audit : Access Failure, Access Success, Authentication Failure, Authentication Success

MAS: Physical Security Systems

MAS: Non-Encrypted Protocol Detail

This report provides details of unencrypted applications being utilized within the critical, production, and online banking environments (entity structure).

Direct: 7.4.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.3

1769

Data Processor

Yes

Operations: Information

All Log Sources

MAS: FIM Critical/Error/Information Detail

This report provides details of critical failures, errors, and information from file integrity monitoring software across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1770

Platform Manager

Yes

Operations : Critical, Operations : Error

MAS: File Integrity Monitors

MAS: Acct Created, Used, Deleted Detail

The following report provides detailed information around the configured AIE rule identifying accounts created, used and deleted within the Critical and Production environments (entity structure).

Direct: 7.4.3, 9.6.6, 11.1.3

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1771

Platform Manager

Yes

Security : Suspicious

All Log Sources

MAS: Account Created Detail

This report provides detailed information pertaining to any account created that has not been allocated to a defined MAS user account list in Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1772

Platform Manager

Yes

Audit : Account Created

All Log Sources

MAS: Priv Acct Auth Failure Detail

This report provides detailed information around privileged account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1773

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Priv Acct Auth Success Detail

This report provides detailed information around privileged account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1774

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: Priv Acct UAM Detail

This report provides detail of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1775

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Priv Acct Access Success Detail

This report provides detailed information around access success for privileged accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1776

Data Processor

No

Audit : Access Success

All Log Sources

MAS: Priv Acct Access Failure Detail

This report provides detailed information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1777

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: Priv Acct Disabled/Enabled Detail

This report provides detailed information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1778

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Vendor Acct Authentication Failure Detail

This report provides detailed information around vendor account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1779

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Vendor Acct Authentication Success Detail

This report provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1780

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: Vendor Acct Access Failure Detail

This report provides detailed information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1781

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: Vendor Acct Access Success Detail

This report provides detailed information around access success for vendor accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1782

Data Processor

No

Audit: Access Success

All Log Sources

MAS: Vendor Acct Disabled/Enabled Detail

This report provides detailed information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1783

Platform Manager

Yes

Audit : Access Revoked Audit : Access Granted

MAS: Network Access Control Systems

MAS: Vendor Acct UAM Detail

This report provides detail of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.2, 11.1.4, 11.1.6

1784

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Default Acct Authentication Failure Detail

This report provides detailed information around default and generic account (list) authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1785

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Default Acct Authentication Success Detail

This report provides detailed information around default and generic account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1786

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: Default Acct Access Failure Detail

This report provides detailed information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1787

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: Default Acct Access Success Detail

This report provides detailed information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1788

Data Processor

No

Audit : Access Success

All Log Sources

MAS: Default Acct Disabled/Enabled Detail

This report provides detailed information when a default and generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1789

Platform Manager

Yes

Audit : Access Revoked

Audit : Access Granted

MAS: Network Access Control Systems

MAS: Default Acct UAM Detail

This report provides detail of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1790

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Shared Acct Authentication Failure Detail

This report provides detailed information around shared account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1791

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Shared Acct Authentication Success Detail

This report provides detailed information around shared account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1792

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: Shared Acct Access Success Detail

This report provides detailed information around access success for shared accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1793

Data Processor

No

Audit : Access Success

All Log Sources

MAS: Shared Acct Access Failure Detail

This report provides detailed information around access failures for shared accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1794

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: Shared Acct Disabled/Enabled Detail

This report provides detailed information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1795

Platform Manager

Yes

Audit : Access Revoked

Audit : Access Granted

MAS: Network Access Control Systems

MAS: Shared Acct UAM Detail

This report provides detail of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1796

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: BU Acct Authentication Failure Detail

This report provides detailed information around business user account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1797

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: BU Acct Authentication Success Detail

This report provides detailed information around business user account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1798

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: BU Acct Access Failure Detail

This report provides detailed information around access failures for business user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1799

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: BU Acct Access Success Detail

This report provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1800

Data Processor

No

Audit : Access Success

All Log Sources

MAS: BU Acct Disabled/Enabled Detail

This report provides detailed information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1801

Platform Manager

Yes

Audit : Access Revoked

Audit : Access Granted

MAS: Network Access Control Systems

MAS: BU Acct UAM Detail

This report provides detail of various access modifications to business user accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1802

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: IT Acct Authentication Failure Detail

This report provides detailed information around IT account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1803

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: IT Acct Access Failure Detail

This report provides detailed information around access failures for IT accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1804

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: IT Acct Authentication Success Detail

This report provides detailed information around IT account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1805

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: IT Acct Access Success Detail

This report provides detailed information around access success for IT accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1806

Data Processor

No

Audit : Access Success

All Log Sources

MAS: IT Acct Disabled/Enabled Detail

This report provides detailed information when an IT account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1807

Platform Manager

Yes

Audit : Access Revoked

Audit : Access Granted

MAS: Network Access Control Systems

MAS: IT Acct UAM Detail

This report provides detail of various access modifications to IT accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1808

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: Terminated User Access Activity Detail

This report provides detail of account access attempts associated with terminated users (list) within Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1809

Data Processor

Yes, No

Audit : Access Failure

Audit : Access Success

All Log Sources

MAS: Terminated User Auth Activity Detail

This report provides detail of account authentication attempts associated with terminated users (list) within Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.3, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 10.2.1, 11.1.1, 11.1.2, 11.1.4, 11.1.5, 11.1.6

1810

Data Processor

Yes, No

Audit : Authentication Failure

Audit : Authentication Success

All Log Sources

MAS: HR Payroll Acct Auth Failure Detail

This report provides detailed information around HR or Payroll account authentication failures across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1811

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: HR Payroll Acct Auth Success Detail

This report provides detailed information around HR or Payroll account authentication successes across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1812

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: HR Payroll Acct Accs Failure Detail

This report provides detailed information around access failures for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1813

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: HR Payroll Acct Accs Success Detail

This report provides detailed information around access success for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1814

Data Processor

No

Audit : Access Success

All Log Sources

MAS: HR Payroll Acct Disable/Enable Detail

This report provides detailed information when an HR or Payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.5, 11.1.6

1815

Platform Manager

Yes

Audit : Access Revoked

Audit : Access Granted

MAS: Network Access Control Systems

MAS: HR Payroll Acct UAM Detail

This report provides detail of various access modifications to HR or Payroll accounts (list) occurring within Critical or Production environments (entity structure).

Direct: 11.1.3

Augment: 4.1.1, 6.2.1, 6.4.3, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 11.1.1, 11.1.4, 11.1.6

1816

Data Processor

Yes

Audit : Account Modified

MAS: Network Access Control Systems

MAS: TST Environment Error Detail

This report provides details around critical or error messages received from test servers or systems (entity structure) to support change management procedures.

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1817

Platform Manager

Yes

Operations: Critical, Operations : Error

All Log Sources

MAS: TST Authentication Success Detail

This report provides detailed information around account authentication successes across Test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1818

Data Processor

No

Audit : Authentications Success

All Log Sources

MAS: TST Authentication Failure Detail

This report provides detailed information around account authentication failures across Test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1819

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: TST Access Success Detail

This report provides detailed information around access success for accounts within the Test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1820

Data Processor

No

Audit : Access Success

All Log Sources

MAS: TST Access Failure Detail

This report provides detailed information around access failures for accounts within the Test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1821

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: TST Priv Acct Authentication Detail

This report provides detailed information around privileged account authentication successes and failures across Test environments (entity structure).

Augment: 6.2.1, 6.2.2, 6.2.5, 6.4.4, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.5.2

1822

Data Processor

Yes, No

Audit : Authentication Failure

Audit : Authentication Success

All Log Sources

MAS: Critical Environment Error Detail

This report provides details around critical or error messages received from Critical servers or systems (entity structure).

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3

1823

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: Production Environment Error Detail

This report provides details around critical or error messages received from Production servers or systems (entity structure).

Direct: 7.4.3, 9.6.6

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3

1824

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: Backup Failure/Error Detail

This report provides detail of critical and error messages received from backup software (log source list) across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1826

Data Processor

Yes

Operations : Critical

MAS: Backup Servers-Systems

MAS: Backup Activity Detail

This report provides detail of activity from backup software (log source list) across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.2.1, 6.4.3, 7.1.6, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.4, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1827

Data Processor

Yes

Operations : Information

MAS: Backup Servers-Systems

MAS: FIM Activity Detail

This report provides detail of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions.

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1828

Data Processor

Yes for FIM

Operations : Information

MAS: File Integrity Monitors

MAS: Config/Policy Change Detail

This report provides details of the occurrence of configuration or policy changes within critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1829

Data Processor

Yes

Audit : Configuration

Audit : Policy

All Log Sources

MAS: Windows Hosts Configuration Change Detail

This report provides detail of configuration changes and policy modifications on Windows hosts across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1830

Platform Manager

Yes

Audit : Configuration

All Log Sources

MAS: *NIX Hosts Configuration Change Detail

This report provides detail of configuration changes and policy modifications on production *NIX hosts across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1831

Data Processor

Yes

Audit : Configuration

All Log Sources

MAS: Patch Applied Detail

This report provides detail of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1832

Data Processor

Yes

Operations : Information

All Log Sources

MAS: Patch Failure Detail

This report provides detailed information around patch failure log messages received across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1833

Platform Manager

Yes

Operations : Error

All Log Sources

MAS: Signature Update Detail

This report provides details on signature update activity across critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1834

Data Processor

Yes

Operations : Information

All Log Sources

MAS: Signature Failure Detail

This report provides details of signature failure messages received from critical, production, and online banking environments (entity structure).

Direct: 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.7, 7.2.2, 9.3.1, 9.3.2, 9.5.1, 9.5.2, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1835

Platform Manager

Yes

Operations : Error

All Log Sources

MAS: Time Sync Error Detail

This report provides details of time sync errors occurring within critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.9, 5.1.10, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.6.2, 9.6.3, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1836

Platform Manager

Yes

Operations : Warning

All Log Sources

MAS: LogRhythm Silent Log Source Error Detail

This report provides detailed information when a LogRhythm Log Source has not received logs during the defined error period, for critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1837

Platform Manager

Yes

Operations : Warning

All Log Sources

MAS: Malware Detected Detail

This report provides detail of malware activity by entity and impacted host within the organization's critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1838

Platform Manager

Yes

Security : Malware

MAS: Malware Prevention Systems

MAS: Vulnerability Detected Detail

This report provides detail of potential vulnerabilities detected across the critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1839

Platform Manager

Yes

Security : Vulnerability

MAS: Network Security Systems

MAS: Attack Detected Detail

This report provides detailed information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1840

Platform Manager

Yes

Security : Attack

MAS: Network Security Systems

MAS: Rogue Access Point Detail

This report provides detail of all detected rogue wireless access points by Impacted Host across critical, production, and online banking environments (entity structure).

Direct: 7.4.3, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.2.3, 12.2.4

1841

Platform Manager

Yes

Security : Suspicious

MAS: Network Security Systems

MAS: Data Loss Prevention Detail

This report provides detailed information regarding data loss prevention activities identified through configured AIE rules.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 5.1.4, 5.2.3, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1842

Platform Manager

Yes

Operations : Information

All Log Sources

MAS: System Startup And Shutdown Detail

This report provides details of system startup/shutdown activity by impacted host within the organization's critical, production, and online banking environments (entity structure).

Direct: 7.4.3

Augment: 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.6.2, 9.6.3

1843

Data Processor

No

Operations : Information

All Log Sources

MAS: Audit Log Detail

This report provides detailed information on the occurrence of audit log write failures or when an audit log is cleared.

Direct: 7.4.3, 9.6.6, 12.1.4, 12.1.9

Augment: 4.0.2, 4.1.1, 4.4.3, 4.5.1, 5.1.4, 5.1.7, 5.1.9, 5.1.10, 5.2.3, 5.2.5, 6.0.1, 6.2.1, 6.4.3, 7.1.1, 7.1.2, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.2, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 8.4.1, 8.4.3, 8.4.4, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.1, 9.4.2, 9.4.3, 9.5.2, 9.6.1, 9.6.2, 9.6.3, 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1844

Data Processor

Yes

Audit

All Log Sources

MAS: Discovered Wireless Access Activity Detail

This report provides detailed information around discovered wireless access points grouped by Common Event and identify rogue wireless access points. This is impacted by Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1845

Platform Manager

Yes

Security : Suspicious

MAS: Wireless IDS

MAS: Suspected Wireless Attack Detail

This report provides detailed information on suspected wireless attacks at the internal boundary including the type if attack and impacted (targeted) host and application (if applicable). To supplement this report, consider running an Investigation to capture further information. This is based on Critical and Production environments (entity structure).

Direct: 7.4.3

Augment: 4.1.1, 4.4.3, 4.5.1, 6.2.1, 6.4.3, 7.3.2, 7.3.3, 7.3.6, 7.3.7, 7.3.10, 7.3.12, 7.4.2, 9.0.2, 9.1.1, 9.1.2, 9.1.6, 9.3.3, 9.3.4, 9.3.5, 9.4.1, 9.4.2, 9.4.3, 9.6.1, 9.6.2, 9.6.3

1846

Platform Manager

Yes

Security : Suspicious

MAS: Wireless IDS

MAS: Suspicious Door Access Detail

This report provides detailed information around the AIE rule where suspicious door activities have taken place. Within the report criteria, customers should define the log source that correlates with their physical security system(s).

Direct: 10.2.4, 12.1.4

Augment: 5.1.4, 5.2.3, 10.2.1, 10.2.2, 10.2.3, 10.2.4

1847

Platform Manager

Yes

Operations : Critical, Operations : Error

All Log Sources

MAS: Online Banking Error Detail

This report provides summary details around critical or error messages received from Online Banking servers or systems (entity structure) to support change management procedures.

Direct: 12.1.4, 12.1.9

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1848

Data Processor

No

Audit : Authentication Success

All Log Sources

MAS: Online Banking Auth Success Detail

This report provides detailed information around account authentication successes across Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1849

Data Processor

MAS: Online Banking Auth Failure Detail

This report provides detailed information around account authentication failures across Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1850

Platform Manager

Yes

Audit : Authentication Failure

All Log Sources

MAS: Online Banking Access Success Detail

This report provides detailed information around access success for accounts within the Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1851

Data Processor

No

Audit : Access Success

All Log Sources

MAS: Online Banking Access Failure Detail

This report provides detailed information around access failures for accounts within the Online Banking environments (entity structure).

Direct: 12.1.4

Augment: 12.0.3, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.3, 12.2.4

1852

Data Processor

Yes

Audit : Access Failure

All Log Sources

MAS: Weekly Change Control Reporting Package

This reporting package includes summary reports to assist with audit requests around change control procedures and is run on a weekly basis.

MAS: Weekly UAM Reporting Package

This reporting package includes summary reports to assist with audit requests around user access management, account usage auditing, and/or access provisioning or de-provisioning. This reporting package is run on a weekly basis.

MAS: Daily IT Ops Reporting Package

This reporting package includes summary reports to assist with IT operations and is run on a daily basis.

MAS: Daily IT Security Report Package

This reporting package includes summary reports to assist with IT security activities and is run on a daily basis.

MAS: Monthly Executive Reporting Package

This reporting package includes log summary reports to depict high-level overviews of critical MAS activities within the environment. This package should be catered to a Director or Executive level audience. This is configured to run on a monthly basis.

MAS: Online Banking Report Package

This reporting package includes summary reports that include log data for Online Banking systems. The initial focus of these reports should be scoped for the server side, as there are diverse and customized user interfacing applications for Online Banking. As financial institutions mature their auditing scope of the web-based, user interfacing application a more robust reporting of user and transactional activates in the environment can be added.