NCA OT: PCI DSS 4.0 – Investigations
Investigation Name | Investigation Description | Investigation ID | Data Source | Intelligent Indexing | Classifications | Log Sources |
|---|---|---|---|---|---|---|
CCF: Access Failure Detail | This investigation provides details around access failures within the environment. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 586 | Platform Manager | No | Security | Log Source = CCF: Card Holder Data Systems, CCF: File Integrity Monitors, CCF: Network Security Systems |
CCF: Account Disable/Locked Detail | This investigation provides details on disabled/locked accounts. Augment: 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7 | 587 | Data Processor(s) | No | Security | Log Source List = CCF: All Log Sources |
CCF: Account Termination Detail | This investigation provides details on deleted accounts. Augment: 8.1.3.a, 8.5.c | 588 | Platform Manager | No | Security | Log Source List = CCF: All Log Sources |
CCF: AIE Account Disable/Locked Detail | This investigation provides details on disabled/locked accounts. Augment: 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7 | 589 | Platform Manager | No | Security | N/A |
CCF: AIE Database Authentication Detail | This investigation provides details of database authentication activity. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 590 | Platform Manager | No | Security | N/A |
CCF: AIE Denied CDE => Internet Comm Detail | This investigation provides details of denied communication from the cardholder data environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 591 | Platform Manager | No | Security | N/A |
CCF: AIE Denied DMZ => Internal Comm Detail | This investigation provides details of denied communication from the demilitarized zone to the internal network. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 592 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Inet => Intrn Comm Detail | This investigation provides details of denied communication from the external internet to all internal environments. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | 593 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Internet => CDE Comm Detail | This investigation provides details of denied communication from the external internet to the cardholder data environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 594 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Internet => DMZ Comm Detail | This investigation provides details of denied communication from the external internet to the demilitarized zone. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 595 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Intrn => Inet Comm Detail | This investigation provides details of denied communication from the internal environment to the external internet, Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 596 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Intrn => Intrn Comm Detail | This investigation provides details of denied communication from the internal environment to the internal environment. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 597 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Test => Inet Comm Detail | This investigation provides details of denied communication from the test environment to other internal environments. Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 598 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Test => Intern Comm Detail | This investigation provides details of denied communication from the test environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 599 | Platform Manager | No | Security | N/A |
CCF: AIE Denied Wireless => CDE Comm Detail | This investigation provides details of denied communication from the wireless environment to the internal card holder data environment. Augment: 2.2.2.a, 2.2.2.b | 600 | Platform Manager | No | Security | N/A |
CCF: AIE FIM ADD/Delete/Mod Activity Detail | This investigation provides details on file integrity monitoring add, delete, and modify activity. Direct: 11.5.a, 11.5.b Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | 601 | Platform Manager | No | Operations | N/A |
CCF: AIE FIM Permission Change Detail | This investigation provides details on file integrity monitoring add, delete, and modify activity. Direct: 11.5.a, 11.5.b Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | 602 | Platform Manager | No | Operations | N/A |
CCF: AIE Invalid Account Usage Detail | This investigation provides details of authentication successes and failures from unauthorized accounts such as default account, disabled accounts, and terminated accounts. Direct: 2.1.a, 2.1.b, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.1.3.a, 8.1.4, 8.2.5.a, 8.2.5.b, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 603 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid CDE => Inet Comm Detail | This investigation provides details of un-allowed communication from the cardholder data environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 604 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid DMZ => Internal Comm Detail | This investigation provides details of un-allowed communication from the demilitarized zone to the internal network. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 605 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Inet => CDE Comm Detail | This investigation provides details of un-allowed communication from the external internet to all internal environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | 606 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Inet => DMZ Comm Detail | This investigation provides details of un-allowed communication from the external internet to the cardholder data environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 607 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Inet => Intrn Comm Detail | This investigation provides details of un-allowed communication from the external internet to the demilitarized zone. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 608 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Intrn => Inet Comm Detail | This investigation provides details of un-allowed communication from the internal environment to the external internet. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 609 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Intrn => Intrn Comm Detail | This investigation provides details of un-allowed communication from the internal environment to the internal environment. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 610 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Test => Inet Comm Detail | This investigation provides details of un-allowed communication from the test environment to other internal environments. Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 611 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Test => Intrn Comm Detail | This investigation provides details of un-allowed communication from the test environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 612 | Platform Manager | No | Security | N/A |
CCF: AIE Invalid Wless => CDE Comm Detail | This investigation provides details of un-allowed communication from the wireless environment to the internal card holder data environment. Augment: 2.2.2.a, 2.2.2.b | 613 | Platform Manager | No | Security | N/A |
CCF: AIE Vendor Access Detail | This investigation provides details on vendor account activity. Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 12.3.9 | 614 | Platform Manager | No | Security | N/A |
CCF: Antivirus Failure Detail | This investigation provides details of antivirus activity by impacted application. Direct: 5.2.d Augment: 5.1, 5.2.b, 5.2.c | 615 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Application Access Detail | This investigation provides details on applications invoked. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f, 7.1.1, 7.1.2.a, 7.1.2.b | 616 | Data Processor(s) | No | Security | Log Source List = CCF: All Log Sources |
CCF: Audit Exception Detail | This investigation provides details on audit exceptions such as access failure, authentication failure, or other audit failures. Direct: 10.2.4, 10.8.b, A3.3.1.b Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 617 | Data Processor(s) | No | Audit | Log Source List = CCF: All Log Sources |
CCF: Audit Log Detail | This investigation provides details of audit log clearing or write failures. Augment: 10.2.6 | 618 | Data Processor(s) | No | Audit | Log Source List = CCF: All Log Sources |
CCF: Authentication Failure Detail | This investigation provides details on authentication failures across the environment. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 619 | Platform Manager | No | Security | Log Source = CCF: Card Holder Data Systems, CCF: File Integrity Monitors, CCF: Network Security Systems |
CCF: Backup Failure Detail | This investigation provides details of critical failures, errors, and information from backup software. Augment: 9.7.1, 12.10.5 | 620 | Platform Manager | No | Operations | Log Source List = CCF: All Log Sources |
CCF: CDE Communication Detail | This investigation provides details on communication to or from the cardholder data environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 621 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Configuration/Policy Change Detail | This investigation provides details of the occurrence of configuration or policy changes. Direct: 6.2.b, 10.2.2, 10.4.1.a Augment: 12.11.a, A3.2.5.b, 1.1.1.a, 8.1.6.a, 8.1.6.b | 622 | Data Processor(s) | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Critical/Error Detail | This investigation provides details on critical and error events received from various components within the defined environment. Augment: 6.5.5 | 623 | Platform Manager | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Database Access Detail | This investigation provides details of database access activity. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 624 | LogMart | No | Security | Log Source List = CCF: Database Systems |
CCF: Database Authentication Detail | This investigation provides details of database authentication activity. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 625 | Data Processor(s) | No | Security | Log Source List = CCF: Database Systems |
CCF: Denied CDE => Internet Comm Detail | This investigation provides details of denied communication from the cardholder data environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 626 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied DMZ => Internal Comm Detail | This investigation provides details of denied communication from the demilitarized zone to the internal network. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 627 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Inet => Intrn Comm Detail | This investigation provides details of denied communication from the external internet to all internal environments. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | 628 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Internet => CDE Comm Detail | This investigation provides details of denied communication from the external internet to the cardholder data environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 629 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Internet => DMZ Comm Detail | This investigation provides details of denied communication from the external internet to the demilitarized zone. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 630 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Intrn => Inet Comm Detail | This investigation provides details of denied communication from the internal environment to the external internet. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 631 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Intrn => Intrn Comm Detail | This investigation provides details of denied communication from the internal environment to the internal environment. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 632 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Test => Internal Comm Detail | This investigation provides details of denied communication from the test environment to other internal environments. Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 633 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Test => Internet Comm Detail | This investigation provides details of denied communication from the test environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 634 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Denied Wireless => CDE Comm Detail | This investigation provides details of denied communication from the wireless environment to the internal card holder data environment. Augment: 2.2.2.a, 2.2.2.b | 635 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: DMZ Communication Detail | This investigation provides details on communication to or from the demilitarized zone. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 636 | Data Processor(s) | No | Audit | Log Source List = CCF: Network Security Systems |
CCF: FIM Activity Detail | This investigation provides details of file integrity monitoring activity like adds, deletes, modifies, group changes, owner changes, and permissions. Direct: 10.5.5, 11.5.a, 11.5.b Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | 637 | Data Processor(s) | No | Operations | Log Source List = CCF: File Integrity Monitors |
CCF: FIM ADD/Delete/Mod Activity Detail | This investigation provides details on file integrity monitoring add, delete, and modify activity. Direct: 11.5.a, 11.5.b Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | 638 | Data Processor(s) | No | Security | Log Source List = CCF: File Integrity Monitors |
CCF: FIM Failure Detail | This investigation provides details of critical failures, errors, and information from file integrity monitoring software. Augment: 12.10.5 | 639 | Platform Manager | No | Operations | Log Source List = CCF: File Integrity Monitors |
CCF: FIM Permission Change Detail | This investigation provides details on all file integrity monitoring permissions such as owner, group, or permission change activity. Direct: 11.5.a, 11.5.b Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | 640 | Data Processor(s) | No | Security | Log Source List = CCF: File Integrity Monitors |
CCF: Firewall Policy Synch Failure Detail | This investigation provides details of firewall policy synchronization failure activity. Augment: 1.2.2.a, 1.2.2.b | 641 | Platform Manager | No | Audit | Log Source List = CCF: Network Security Systems |
CCF: Host Firewall Failure Detail | This investigation provides details of the occurrence of host firewall failure activity. Augment: 1.4.a | 642 | Platform Manager | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Internal Communication Detail | This investigation provides details on communication to or from the PCI: Internal Environment List. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 643 | Data Processor(s) | No | Audit | Log Source List = CCF: Network Security Systems |
CCF: Internet Communication Detail | This investigation provides details on communication to or from the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | 644 | Data Processor(s) | No | Audit | Log Source List = CCF: Network Security Systems |
CCF: Invalid Account Usage Detail | This investigation provides details of authentication successes and failures from unauthorized accounts such as default account, disabled accounts, and terminated accounts. Direct: 2.1.a, 2.1.b, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.1.3.a, 8.1.4, 8.5.c | 645 | Data Processor(s) | No | Audit | Log Source List = CCF: All Log Sources |
CCF: Invalid CDE => Internet Comm Detail | This investigation provides details of un-allowed communication from the cardholder data environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 646 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid DMZ => Internal Comm Detail | This investigation provides details of un-allowed communication from the demilitarized zone to the internal network. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 647 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Inet => Intrn Comm Detail | This investigation provides details of un-allowed communication from the external internet to all internal environments. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | 648 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Internet => CDE Comm Detail | This investigation provides details of un-allowed communication from the external internet to the cardholder data environment. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 649 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Internet => DMZ Comm Detail | This investigation provides details of un-allowed communication from the external internet to the demilitarized zone. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | 650 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Intrn => Inet Comm Detail | This investigation provides details of un-allowed communication from the internal environment to the external internet. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 651 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Intrn => Intrn Comm Detail | This investigation provides details of un-allowed communication from the internal environment to the internal environment. Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | 652 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Test => Internal Comm Detail | This investigation provides details of un-allowed communication from the test environment to other internal environments. Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 653 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Test => Internet Comm Detail | This investigation provides details of un-allowed communication from the test environment to the external internet. Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 654 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Invalid Wireless => CDE Comm Detail | This investigation provides details of un-allowed communication from the wireless environment to the internal card holder data environment. Augment: 2.2.2.a, 2.2.2.b | 655 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Malware Detail | This investigation provides details on identified malware events. Direct: 5.2.d Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5 | 656 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Network Communication Detail | This investigation provides details on all network communication. Direct: 1.1.6.b Augment: 1.1.6.a, 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | 657 | Data Processor(s) | No | Audit | Log Source List = CCF: Network Security Systems |
CCF: Object Disposal Failure Detail | This investigation provides details of object creations, deletions, and removals. Augment: 10.2.7 | 658 | Platform Manager | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Operations Exception Detail | This investigation provides details on critical failure or error conditions. Augment: 12.10.5 | 659 | Data Processor(s) | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Physical Access Failure Detail | This investigation provides details on critical failures or errors to the physical access system. Augment: 8.1.3.b,9.1, 9.1.1.a, 9.1.2, 9.3.c | 660 | Platform Manager | No | Security | Log Source List = CCF: Physical Security Systems |
CCF: Priv Acct Auth Detail | This investigation provides details of privileged user authentication successes and failures by impacted host. Direct: 10.1, 10.2.1, 10.2.2, 10.2.4, 10.2.5.a, 10.2.5.b, 10.2.5.c, 10.8.b, A3.3.1.b Augment: 7.1.1, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 661 | Data Processor(s) | No | Security | Log Source List = CCF: All Log Sources |
CCF: Reconnaissance/Suspicious Detail | This investigation provides details on reconnaissance activity. Augment: 11.4.a, 11.4.b, 11.4.c | 662 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Rogue WAP Detail | This investigation provides details of detected rogue access points. Augment: 11.1.b, 11.1.d, 12.10.5 | 663 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Security Activity Detail | This investigation provides details on security events like attacks, compromises, and denial of service activity. Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5 | 664 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Security Event Detail | This investigation provides details on security events such as activity, attack, compromise, denial of service, malware, misuse, reconnaissance, and suspicious. Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5 | 665 | Data Processor(s) | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Signature Update Failure Detail | This investigation provides details on critical failures or errors to antivirus signature updates. Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5 | 666 | Platform Manager | No | Operations | Log Source List = CCF: Network Security Systems |
CCF: Software Update Failure Detail | This investigation provides details on software update failure activity. Direct: 5.2.d, 6.2.b Augment: 5.2.b, 5.2.c, 11.4.a, 11.4.b, 11.4.c, 12.11.a, A3.2.5.b | 667 | Platform Manager | No | Operations | Log Source List = CCF: All Log Sources |
CCF: Test Communication Detail | This investigation provides details on communication to or from the test environment. Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | 668 | Data Processor(s) | No | Operations | Log Source List = CCF: Network Security Systems |
CCF: TLS/SSL Activity | This investigation provides details on TLS and SSL activity, from LogRhythm Network Monitor logging. Augment: 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | 669 | Data Processor | No | Audit | All available Log Sources |
CCF: Vendor Access Detail | This investigation provides detail information around vendor account access failures. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 670 | Data Processor(s) | No | Security | Log Source List = CCF: All Log Sources |
CCF: Vendor Account Enabled Detail | This investigation provides details of vendor account management activity.
Augment: 8.1.a, 8.1.1, 8.1.2, 8.1.3.a, 8.1.4, 8.1.5.a, 8.1.5.b, 8.1.6.b, 8.2.5.a, 8.2.5.b, 8.5.c, 12.3.9 | 671 | Platform Manager | No | Security | Log Source List = CCF: All Log Sources |
CCF: Vendor Authentication Detail | This investigation provides details of vendor account activity. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | 672 | LogMart | No | Security | CCF: All Log Sources |
CCF: Vulnerability Detail | This investigation provides details on the occurrence of vulnerabilities. Augment: 6.5.1, 6.5.2, 6.5.4, 6.5.5, 6.5.6, 6.5.7, A, 6.5.9,6.6, 12.10.5 | 673 | Platform Manager | No | Security | Log Source List = CCF: Network Security Systems |
CCF: Wireless Communication Detail | This investigation provides details on communication to or from the wireless environment. Augment: 2.2.2.a, 2.2.2.b | 674 | Data Processor(s) | No | Audit | Log Source List = CCF: Network Security Systems |