NCA OT: PCI DSS 4.0 – AI Engine Rules
AI Engine Rule Name | Rule Description | Alert | Rule ID | Notification Area | Directly Meets Requirements | Augment Requirements | Alarming | Classifications | Log Sources |
|---|---|---|---|---|---|---|---|---|---|
CCF: Account Disabled/Locked Rule | This AIE Rule creates events for disabled/locked accounts. | No | 1106 | Access Revoked | N/A | 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7 | No | Access Revoked | CCF: All Log Sources |
CCF: Antivirus Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to antivirus. | Yes | 1107 | Operations : Error | 5.2.d, 10.8.b, A3.3.1.b | 5.1, 5.2.b, 5.2.c, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | CCF: Network Security Systems |
CCF: Antivirus Information Rule | This AIE Rule creates events for antivirus information. | No | 1108 | Information | 5.2.d | 5.1, 5.2.b, 5.2.c | No | Information | CCF: Network Security Systems |
CCF: Attack Alert | This AIE Rule alerts on the occurrence of any identified attack event. | Yes | 1109 | Security : Attack | N/A | A,6.6, 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Attack | CCF: Network Security Systems |
CCF: Audit Log Cleared Alert | This AIE Rule alerts on the occurrence of audit log clearing. | Yes | 1110 | Audit : Access Success | N/A | 10.2.6 | Yes | Audit : Access Success | CCF: All Log Sources |
CCF: Audit Log Write Failure Alert | This AIE Rule alerts on the occurrence of audit log write failures. | Yes | 1111 | Audit : Other Audit Failure | 10.8.b, A3.3.1.b | 10.2.6, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Other Audit Failure | CCF: All Log Sources |
CCF: Backup Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to backup software. | Yes | 1114 | Operations : Error | N/A | 9.7.1, 12.10.5 | Yes | Operations : Error | CCF: All Log Sources |
CCF: Backup Information Rule | This AIE Rule creates events for information from backup software. | No | 1115 | Information | N/A | 9.7.1, 12.10.5 | No | Information | CCF: All Log Sources |
CCF: Compromise Alert | This AIE Rule alerts on the occurrence of any identified compromise event. | Yes | 1116 | Security : Compromise | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Compromise | CCF: Network Security Systems |
CCF: Critical/Error Alert | This AIE Rule alerts on the occurrence of critical or error messages from a given host. | Yes | 1117 | Operations : Critical | 10.8.b, A3.3.1.b | 6.5.5, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Critical | CCF: All Log Sources |
CCF: Database Authentication Rule | This AIE Rule creates events for database authentication successes & failures from unauthorized accounts. | No | 1118 | Authentication Success | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | No | Authentication Success | CCF: Database Systems |
CCF: DB Account Auth Failure Alert | This AIE Rule alerts on the occurrence of any database authentication failure from unauthorized accounts. |
Yes |
1120 | Audit : Authentication Failure | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | CCF: Database Systems |
CCF: Denial Of Service Alert | This AIE Rule alerts on the occurrence of any identified Denial of Service event. | Yes | 1121 | Security : Denial of Service | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Denial of Service | CCF: Network Security Systems |
CCF: Denied CDE => Internet Comm Rule | This AIE Rule creates events for denied communication from the cardholder data environment to the external internet. |
No |
1122 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Denied DMZ => Internal Comm Rule | This AIE Rule creates events for denied communication from the demilitarized zone to the internal network. |
No |
1123 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Inet => Intrn Comm Rule | This AIE Rule creates events for denied communication from the external internet to all internal environments. |
No |
1124 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Internet => CDE Comm Rule | This AIE Rule creates events for denied communication from the external internet to the cardholder data environment. |
No |
1125 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Internet => DMZ Comm Rule | This AIE Rule creates events for denied communication from the external internet to the demilitarized zone. |
No |
1126 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Intrn => Inet Comm Rule | This AIE Rule creates events for denied communication from the internal environment to the external internet. |
No |
1127 | Network Deny | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Intrn => Intrn Comm Rule | This AIE Rule creates events for denied communication from the internal environment to the internal environment. |
No |
1128 | Network Deny | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Test => Internal Comm Rule | This AIE Rule creates events for denied communication from the test environment to other internal environments. |
No |
1129 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Test => Internet Comm AIE Rule | This AIE Rule creates events for denied communication from the test environment to the external internet. |
No |
1130 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | No | Network Deny | CCF: Network Security Systems |
CCF: Denied Wireless => CDE Comm Rule | This AIE Rule creates events for denied communication from the test environment to the external internet. |
No |
1131 | Network Deny | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b | No | Network Deny | CCF: Network Security Systems |
CCF: Early TLS/SSL Alert | This AIE Rule alerts on the occurrence of any identified TLS LogRhythm Network Monitor event. | Yes | 1132 | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | Yes | Security : Activity | Include All Log Sources | |
CCF: FIM Add Activity Rule | This AIE Rule creates events for all file integrity monitoring add activity. | No | 1133 | Activity | 11.5.a, 11.5.b | 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: FIM Delete Activity Rule | This AIE Rule creates events for all file integrity monitoring delete activity. | No | 1134 | Activity | 11.5.a, 11.5.b | 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: FIM Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to file integrity monitoring. | Yes | 1135 | Operations : Error | 10.8.b, 3.3.1.b | 10.8.1.b, 12.10.5, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | CCF: File Integrity Monitors |
CCF: FIM Group Change Activity Rule | This AIE Rule creates events all file integrity monitoring group change activity. | No | 1136 | Activity | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, 3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: FIM Information Rule | This AIE Rule creates events for information from file integrity monitoring software. | No | 1137 | Information | N/A | 12.10.5 | No | Information | CCF: File Integrity Monitors |
CCF: FIM Modify Activity Rule | This AIE Rule creates events for all file integrity monitoring modify activity. | No | 1138 | Activity | 10.5.5, 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, 3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: FIM Owner Change Activity Rule | This AIE Rule creates events for all file integrity monitoring owner change activity. | No | 1139 | Activity | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, 3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: FIM Permission Activity Rule | This AIE Rule creates events for all file integrity monitoring permission change activity. | No | 1140 | Activity | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, 3.2.5.b | No | Activity | CCF: File Integrity Monitors |
CCF: Firewall Policy Synch Information Rule | This AIE Rule creates events for all firewall policy synchronization information. | No | 1141 | Information | N/A | 1.2.2.a, 1.2.2.b | No | Information | CCF: Network Security Systems |
CCF: FW Policy Synch Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to firewall policy synchronization. |
Yes |
1142 | Operations : Error | 10.8.b, 3.3.1.b | 1.2.2.a, 1.2.2.b, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | CCF: Network Security Systems |
CCF: Host Firewall Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to host firewalls. | Yes | 1143 | Operations : Error | 10.8.b, A3.3.1.b | 1.4.a, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | CCF: All Log Sources |
CCF: Host Firewall Information Rule | This AIE Rule creates events for host firewall information. | No | 1144 | Information | N/A | 1.4.a | No | Information | CCF: All Log Sources |
CCF: Invalid Account Usage Rule | This AIE Rule creates events for authentication successes and failures from unauthorized accounts. |
Yes |
1145 | Authentication Success | 2.1.a, 2.1.b, 10.2.1, 10.2.4, 10.8.b, 3.3.1.b | 8.1.3.a, 8.1.4, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Security | CCF: All Log Sources |
CCF: Invalid Act Auth Failure Alert | This AIE Rule alerts on the occurrence of any authentication failure attempts from unauthorized accounts (default /disabled/terminated) in direct support of PCI-DSS Controls: 2.1.b, 10.1, 10.2.1, 10.2.2, 10.2.4 and supplemental support of PCI- DSS controls: 8.1.3.a, 8.1.4, 8.5.c | Yes | 1146 | Audit : Authentication Failure | 2.1.a, 2.1.b,10.1, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b, 10.8.b, A3.3.1.b | 8.1.3.a, 8.1.4, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | CCF: All Log Sources |
CCF: Invalid CDE => Internet Comm Rule | This AIE Rule creates events for un-allowed communication from the cardholder data environment to the external internet. |
Yes |
1147 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid DMZ => Internal Comm Rule | This AIE Rule creates events for un-allowed communication from the demilitarized zone to the internal network. |
Yes |
1148 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Inet => Intrn Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to all internal environments. |
Yes |
1149 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Internet => CDE Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to the cardholder data environment in supplemental support of PCI-DSS Controls: 1.2.1.a-c, 1.3.3, 1.3.5, & 2.2.2.a-b |
Yes |
1150 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Internet => DMZ Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to the demilitarized zone. |
Yes |
1151 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Intrn => Inet Comm Rule | This AIE Rule creates events for un-allowed communication from the internal environment to the external internet. |
Yes |
1152 | Network Allow | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Intrn => Intrn Comm Rule | This AIE Rule creates events for un-allowed communication from the internal environment to the internal environment. |
Yes |
1153 | Network Allow | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Test => Internal Comm Rule | This AIE Rule creates events for un-allowed communication from the test environment to other internal environments. |
Yes |
1154 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Test => Internet Comm Rule | This AIE Rule creates events for un-allowed communication from the test environment to the external internet. |
Yes |
1155 | Network Allow | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | Yes | Network Allow | CCF: Network Security Systems |
CCF: Invalid Wireless => CDE Comm Rule | This AIE Rule creates events for un-allowed communication from the wireless environment to the internal card holder data environment. |
Yes |
1156 | Network Allow | N/A | 2.2.2.a, 2.2.2.b | Yes | Network Allow | CCF: Network Security Systems |
CCF: Malware Alert Rule | This AIE Rule alerts on the occurrence of any identified Malware event. | Yes | 1157 | Security : Malware | 5.2.d | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Malware | CCF: Network Security Systems |
CCF: Object Disposal Failure Alert Rule | This AIE Rule alerts on the occurrence of any object deletion/removal failure. | Yes | 1158 | Audit : Access Failure | 10.8.b, A3.3.1.b | 10.2.7, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | CCF: All Log Sources |
CCF: Physical Access Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to the physical access system. |
Yes |
1159 | Audit : Access Failure | 10.8.b, A3.3.1.b | 8.1.3.b,9.1, 9.1.1.a, 9.1.2, 9.3.c, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | CCF: Physical Security Systems |
CCF: Physical Access Usage Rule | This AIE Rule creates events of physical security authentication success and failures. | No | 1160 | Authentication Success | N/A | 8.1.3.b, 9.1, 9.1.1.a, 9.1.2, 9.3.c | No | Authentication Success | CCF: Physical Security Systems |
CCF: Priv Acct Auth Failure Alert | This AIE Rule alerts on the occurrence of any authentication failure attempt from privileged accounts. |
Yes |
1161 | Audit : Authentication Failure | 10.1, 10.2.1, 10.2.2, 10.2.4, 10.2.5.a, 10.8.b, A3.3.1.b | 7.1.1, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | CCF: All Log Sources |
CCF: Reconnaissance Activity Alert | This AIE Rule alerts on the occurrence of any reconnaissance activity. | Yes | 1162 | Security : Reconnaissance | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | Yes | Security : Activity | Include All Log Sources |
CCF: Remote Session Timeout Rule | This AIE Rule creates events for remote session timeouts. | No | 1163 | Information | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Reconnaissance | CCF: Network Security Systems |
CCF: Rouge WAP Detected Alert | This AIE Rule alerts on the occurrence of any rogue access point detection events. | Yes | 1164 | Security : Suspicious | N/A | 12.3.8.b | No | Information | CCF: Network Security Systems |
CCF: Signature Update Failure Alert | This AIE Rule alerts on the occurrence of signature update failures. | Yes | 1165 | Audit : Configuration | N/A | 11.1.b, 11.1.d, 12.10.5 | Yes | Security : Suspicious | CCF: Network Security Systems |
CCF: Software Update Failure Alert | This AIE Rule alerts on the occurrence of software update failures. | Yes | 1166 | Audit : Configuration | 6.2.b | 11.4.a, 11.4.b, 11.4.c, 12.11.a, A3.2.5.b | Yes | Audit : Configuration | CCF: Network Security Systems |
CCF: Suspicious Activity Alert | This AIE Rule alerts on the occurrence of suspicious activity. | Yes | 1167 | Security : Suspicious | 6.2.b | 12.11.a, A3.2.5.b | Yes | Audit : Configuration | CCF: All Log Sources |
CCF: SSL Activity | This AIE Rule triggers on the occurrence of any identified SSL LogRhythm Network Monitor event. | No | 1168 | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | No | Security : Activity | Include All Log Sources | |
CCF: Potential New TLS/SSL Implementation | This AIE Rule is designed to evaluate environments with two weeks of no TLS/SSL logging, and alarm if unexpected TLS/SSL activity shows up over that two-week window. | Yes | 1169 | N/A | 11.4.a, 11.4.b, 11.4.c | Yes | Security : Suspicious | CCF: Network Security Systems | |
CCF: Time Sync Error | This AIE Rule creates an event and alerts for any time sync errors occurring on any Log Source. | Yes | 1170 | Operations : Warning | N/A | 10.4.2.b | Yes | Operations : Warning | CCF: All Log Sources |
CCF: TLS Activity | This AIE Rule triggers on the occurrence of any identified TLS LogRhythm Network Monitor event. | No | 1171 | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | No | Security : Activity | Include All Log Sources | |
CCF: Vendor Account Enabled Alert | This AIE Rule alerts on the occurrence of any access granting to vendor accounts. | Yes | 1172 | Audit : Access Granted | N/A | 8.1.5.a, 8.1.5.b, 8.1.6.b, 12.3.9 | Yes | Audit : Access Granted | CCF: All Log Sources |
CCF: Vendor Act Access Fail Alert | This AIE Rule alerts on vendor account access failure within the environment. | Yes | 1173 | Audit : Access Failure | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | CCF: All Log Sources |
CCF: Vendor Auth Activity Rule | This AIE Rule creates events for vendor account activity. | No | 1174 | Authentication Success | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | No | Authentication Success | CCF: Network Security Systems |
CCF: Vendor Auth Failure Alert | This AIE Rule alerts on the occurrence of any vendor account use of remote access. | Yes | 1175 | Audit : Authentication Failure | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | CCF: Network Security Systems |
CCF: Vulnerability Alert | This AIE Rule alerts on the occurrence of vulnerabilities or suspicious events across the organization's environment. |
Yes |
1176 | Security : Vulnerability | N/A | 6.5.1, 6.5.2, 6.5.4, 6.5.5, 6.5.6, 6.5.7, A, 6.5.9,6.6, 12.10.5 | Yes | Security : Vulnerability | CCF: Network Security Systems |
CCF: Patch Update Failure Alert | This AIE rule creates an alert any time a patch fails to apply to environments (entity structure). | Yes | 1184 | 6.2.b | 12.11.a, A3.2.5.b | Yes | Operations : Error | CCF: All Log Sources | |
CCF: Personnel Login Authentication Method Event | This rule can be used to gather event data for review with drilldowns. Any authentication event identified within an environment should be added to the criteria of Rule Block 1. |
No |
1185 | N/A | 8.3.1.b, A3.4.1 | No | Security : Activity | CCF: All Log Sources | |
CCF: Configuration Change Rule | This AIE Rule provides details on configuration changes. | Yes | 1186 | N/A | 6.4.6 | No | Audit : Configuration | CCF: All Log Sources | |
CCF: Change Record Statistics | This AIE Rule provides custom statistics on configuration change record events. Default expressions are to be modified accordingly. |
No |
1187 | 6.2.b | 12.11.a, A3.2.5.b | Yes | Audit : Configuration | CCF: All Log Sources |