NRC RG 5.71 – Reports
The following table provides a listing of all reports included in this compliance package. For each report, the targeted data source, the required classifications, and the required Log Source Lists are provided. If you are unable to implement the Data Management Settings, this table should be referred to so as to understand which reports will be impacted.
Reports with a data source of Log Manager will not populate in a fully collection- optimized deployment. Contact LogRhythm Support for additional details.
Report ID | Report Name | Data Source | Intelligent Indexing | Required Classifications | Required Log Source Lists |
|---|---|---|---|---|---|
476 | NRC: Account Lockout Summary | Log Mart | No | Account Modified, Access Revoked | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
477 | NRC: Account Management Activity | Log Mart | No | Account Created, Account Deleted, Account Modified | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Network Access Control Systems |
478 | NRC: Attacks Detected | Log Mart | No | Attack, Compromise, Denial of Service | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems, NRC: Security Systems |
479 | NRC: Audit Failure By Host | Log Mart | No | Access Failure, Authentication Failure, Other Audit Failure | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems |
480 | NRC: Audit Failure By User | Log Manager | Yes | Access Failure, Authentication Failure, Other Audit Failure | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems |
481 | NRC: Compromises Detected | Log Mart | No | Compromise | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems, NRC: Security Systems |
482 | NRC: Configuration Change Summary | Log Manager | Yes | Configuration | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
483 | NRC: Disabled Accounts | Log Mart | No | Account Modified, Access Revoked, | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems |
484 | NRC: Door Access Summary | Log Manager | Yes | Access Success, Authentication Success, Compromise | NRC: Security Systems |
485 | NRC: Failed Application Access | Log Mart | No | Access Failure, Authentication Failure | NRC: Production Servers, NRC: Workstations |
486 | NRC: Failed File Access | Log Manager | Yes | Access Failure | NRC: Production Servers, NRC: Workstations |
487 | NRC: Failed Host Access | Log Mart | No | Authentication Failure | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
488 | NRC: File Integrity Monitor Log Detail | Log Manager | No | Activity | NRC: File Integrity Monitoring Systems |
489 | NRC: File Integrity Monitor Log Detail | Log Manager | No | Activity | NRC: File Integrity Monitoring Systems |
490 | NRC: File Integrity Monitor Summary | Log Manager | No | Activity | NRC: File Integrity Monitoring Systems |
491 | NRC: Host Access Granted And Revoked | Log Mart | No | Access Granted, Access Revoked | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems |
492 | NRC: Host Authentication Summary | Log Mart | No | Authentication Success | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems |
493 | NRC: Network Connection Summary | Log Manager | No | Network Allow, Network Deny, Network Traffic | NRC: Network Access Control Systems |
494 | NRC: Network Service Summary | Log Manager | No | Network Allow, Network Deny, Network Traffic | NRC: Network Access Control Systems |
495 | NRC: New Account Summary | Log Mart | No | Account Created | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems |
496 | NRC: Object Access Summary | Log Manager | No | Access Success | NRC: Production Servers |
497 | NRC: Policy Activity Summary | Log Mart | No | Access Granted, Access Revoked, Policy | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
498 | NRC: Processes By User | Log Manager | No | Startup and Shutdown | NRC: Production Servers, NRC: Workstations |
499 | NRC: Security Event Summary | Log Mart | No | Attack, Compromise, Denial of Service, Malware, Reconnaissance, Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
500 | NRC: Security Event Summary | Log Mart | No | Attack, Compromise, Denial of Service, Malware, Reconnaissance, Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
501 | NRC: Security Event Summary | Log Mart | No | Attack, Compromise, Denial of Service, Malware, Reconnaissance, Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
502 | NRC: Security Event Summary | Log Mart | No | Attack, Compromise, Denial of Service, Malware, Reconnaissance, Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
503 | NRC: Suspicious Activity By Host | Log Mart | No | Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
504 | NRC: Suspicious Activity By User | Log Mart | No | Suspicious | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
505 | NRC: Terminated Account Summary | Log Mart | No | Account Deleted | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems |
506 | NRC: Top Attackers | Log Mart | No | Attack, Compromise, Denial of Service, Failed Attack, Failed Denial of Service, Failed Malware, Failed Suspicious, Malware, Reconnaissance, Suspicious | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
507 | NRC: Top Suspicious Users | Log Manager | Yes | Access Failure, Activity, Attack, Authentication Failure, Compromise, Denial of Service, Failed Activity, Failed Denial of Service, Failed Malware, Failed Misuse, Failed Suspicious, Malware, Misuse, Other Audit Failure, Reconnaissance, Suspicious | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems, NRC: Security Systems |
508 | NRC: Top Targeted Applications | Log Mart | No | Attack, Compromise, Denial of Service, Failed Attack, Failed Denial of Service, Failed Malware, Failed Suspicious, Malware, Reconnaissance, Suspicious | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems, NRC: Security Systems |
509 | NRC: Top Targeted Hosts | Log Mart | Yes | Attack, Compromise, Denial of Service, Failed Attack, Failed Denial of Service, Failed Malware, Failed Suspicious, Malware, Reconnaissance, Suspicious | NRC: Production Servers, NRC: Workstations, NRC: Network Access Control Systems, NRC: Security Systems |
510 | NRC: Usage Auditing Event Detail | Event Manager | N/A | N/A | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
511 | NRC: Usage Auditing Event Detail | Event Manager | N/A | N/A | NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems, NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: File Integrity Monitoring Systems |
512 | NRC: User Authentication Summary | Log Mart | No | Authentication Failure, Authentication Success | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Network Access Control Systems |
513 | NRC: User Misuse Summary | Log Manager | Yes | Misuse | NRC: Production Servers, NRC: Workstations, NRC: Wireless Access Points, NRC: Remote Access Systems, NRC: Data Loss Prevention Systems, NRC: Network Access Control Systems, NRC: Security Systems |
514 | NRC: User Object Access Summary | Log Manager | No | Access Success | NRC: Production Servers, NRC: Workstations |