MAS-TRMG User Guide – Reports and Reporting Packages
Reports
MAS-TRMG reporting is broken into summary and detailed reports to present various audiences with appropriate forensic log data and audit requests. Summary reports provide a higher level of information that may be appropriate for some audit and management requests. On the other hand, detailed reports provide additional information and in some reports, raw log data, to facilitate IT Security and Operations.
User Access Management & Account Activity
With a large emphasis on User Access Management (UAM) and account monitoring, the associated reports and user lists are designed to augment and extend the capabilities in this area. Summary Reports can provide audit evidence as well as supplemental evidence to facilitate UAM activities. User Lists were designed off common account groupings or classifications (privileged accounts, vendor accounts, business user accounts, IT accounts, etc.) and can easily be integrated with existing periodic reviews using Active Directory Sync.
Executive Summary Reports
Various reports are designed to provide an audience with necessary forensic data to analyse and make strategic decisions in the pursuit of MAS-TRMG compliance. With this concept in mind, the ‘Top’ reports assist in prioritizing at-risk items or areas of non-compliance, in a summary overview. The approach streamlines the information delivery to those executives who may leverage the data for strategic decisions. These reports are preconfigured to be included within the MAS: Monthly Executive Reporting Package.
Log Requirements
To utilize the summary and detailed reports related to UAM and account monitoring, the FI should look to leverage existing technologies and UAM processes. Access management or provisioning solutions, such as Windows Active Directory, should be included as log sources for this module and respective reports.
‘Top’ executive reports are designed to run against the in-scope MAS-TRMG environment. With that said the FI should look to leverage past audit results, risk-based assessments, and Governance, Risk, and Control (GRC) resources. These resources help translate the audit’s scope, into the functionality of the compliance module.
Knowledge Base Content
ID | Name |
|---|---|
1681 | MAS: Account Created Summary |
1680 | MAS: Acct Created, Used, Deleted Summary |
1692 | MAS: Priv Acct UAM Summary |
1701 | MAS: Vendor Acct UAM Summary |
1707 | MAS: Default Acct UAM Summary |
1713 | MAS: Shared Acct UAM Summary |
1409 | MAS: Top Applications Experiencing Errors Summary |
1412 | MAS: Top Attacker Summary |
1415 | MAS: Top Targeted Application Summary |
Actions
User Lists can be integrated with existing periodic reviews to ensure updates are reflected for more accurate account monitoring and reporting. Audit requests can be addressed through the use of the UAM reports for various user groups (lists). The FI should look to integrate existing UAM and account monitoring activities already in place to further augment related MAS-TRMG control objectives.
The MAS-TRMG: Monthly Executive Reporting Package comes pre-configured to include seven (7) ‘Top’ summary reports, but this reporting package can be customized to include additional forensic data requested by management or executive teams. For detailed instructions, see the MAS-TRMG Compliance Automation Suite Deployment Guide.
Report Packages
Reporting packages can be easily created or adjusted by a LogRhythm Admin to provide desired content for Audit, Executive Management, or other individuals requiring output for assessment. Within the MAS-TRMG module, there are six (6) MAS-TRMG User Guide – Reports and Reporting Packages that can be adjusted per audit and FL needs.
Reporting Packages can always be adjusted per audit and other content demands as the FI matures its compliance scope. Below are instructions on creating a new Reporting Package to be used at your discretion:
- Open the Log Rhythm Client Console.
- On the main toolbar, click Report Center.
- Click the Reporting Packages tab.
- Right-click the grid and click New Report Package or edit existing Reporting Packages by clicking Properties.
- Within the Select Reports window, select the desired MAS-TRMG reports to be included in this reporting package, and then click Next.
New and cloned reports can be added later to existing Reporting Packages. On the Override Log Source Criteria page, click Next.
Do not override log source criteria.- Select the frequency and period of time for which the reporting package will be produced.
- Enter a name and description for the new MAS-TRMG reporting package, and then click OK to save.
