Skip to main content
Skip table of contents

PCI DSS 4.0 – Investigations

Investigation Name

Investigation Description

Investigation ID

Data SourceIntelligent IndexingClassificationsLog Sources

CCF: Access Failure Detail

This investigation provides details around access failures within the environment.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

586

Platform Manager

No

Security

Log Source = CCF: Card Holder Data Systems, CCF: File Integrity Monitors, CCF: Network Security Systems

CCF: Account Disable/Locked Detail

This investigation provides details on disabled/locked accounts.

Augment: 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7

587

Data Processor(s)

No

Security

Log Source List = CCF: All Log Sources

CCF: Account Termination Detail

This investigation provides details on deleted accounts.

Augment: 8.1.3.a, 8.5.c

588

Platform Manager

No

Security

Log Source List = CCF: All Log Sources

CCF: AIE Account Disable/Locked Detail

This investigation provides details on disabled/locked accounts.

Augment: 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7

589

Platform Manager

No

Security

N/A

CCF: AIE Database Authentication Detail

This investigation provides details of database authentication activity.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

590

Platform Manager

No

Security

N/A

CCF: AIE Denied CDE => Internet Comm Detail

This investigation provides details of denied communication from the cardholder data environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

591

Platform Manager

No

Security

N/A

CCF: AIE Denied DMZ => Internal Comm Detail

This investigation provides details of denied communication from the demilitarized zone to the internal network.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

592

Platform Manager

No

Security

N/A

CCF: AIE Denied Inet => Intrn Comm Detail

This investigation provides details of denied communication from the external internet to all internal environments.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b

593

Platform Manager

No

Security

N/A

CCF: AIE Denied Internet => CDE Comm Detail

This investigation provides details of denied communication from the external internet to the cardholder data environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

594

Platform Manager

No

Security

N/A

CCF: AIE Denied Internet => DMZ Comm Detail

This investigation provides details of denied communication from the external internet to the demilitarized zone.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

595

Platform Manager

No

Security

N/A

CCF: AIE Denied Intrn => Inet Comm Detail

This investigation provides details of denied communication from the internal environment to the external internet,

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

596

Platform Manager

No

Security

N/A

CCF: AIE Denied Intrn => Intrn Comm Detail

This investigation provides details of denied communication from the internal environment to the internal environment.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

597

Platform Manager

No

Security

N/A

CCF: AIE Denied Test => Inet Comm Detail

This investigation provides details of denied communication from the test environment to other internal environments.

Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

598

Platform Manager

No

Security

N/A

CCF: AIE Denied Test => Intern Comm Detail

This investigation provides details of denied communication from the test environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

599

Platform Manager

No

Security

N/A

CCF: AIE Denied Wireless => CDE Comm Detail

This investigation provides details of denied communication from the wireless environment to the internal card holder data environment.

Augment: 2.2.2.a, 2.2.2.b

600

Platform Manager

No

Security

N/A

CCF: AIE FIM ADD/Delete/Mod Activity Detail

This investigation provides details on file integrity monitoring add, delete, and modify activity.

Direct: 11.5.a, 11.5.b

Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b

601

Platform Manager

No

Operations

N/A

CCF: AIE FIM Permission Change Detail

This investigation provides details on file integrity monitoring add, delete, and modify activity.

Direct: 11.5.a, 11.5.b

Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b

602

Platform Manager

No

Operations

N/A

CCF: AIE Invalid Account Usage Detail

This investigation provides details of authentication successes and failures from unauthorized accounts such as default account, disabled accounts, and terminated accounts.

Direct: 2.1.a, 2.1.b, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.1.3.a, 8.1.4, 8.2.5.a, 8.2.5.b, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

603

Platform Manager

No

Security

N/A

CCF: AIE Invalid CDE => Inet Comm Detail

This investigation provides details of un-allowed communication from the cardholder data environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

604

Platform Manager

No

Security

N/A

CCF: AIE Invalid DMZ =>

Internal Comm Detail

This investigation provides details of un-allowed communication from the demilitarized zone to the internal network.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

605

Platform Manager

No

Security

N/A

CCF: AIE Invalid Inet => CDE Comm Detail

This investigation provides details of un-allowed communication from the external internet to all internal environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b

606

Platform Manager

No

Security

N/A

CCF: AIE Invalid Inet => DMZ Comm Detail

This investigation provides details of un-allowed communication from the external internet to the cardholder data environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

607

Platform Manager

No

Security

N/A

CCF: AIE Invalid Inet => Intrn Comm Detail

This investigation provides details of un-allowed communication from the external internet to the demilitarized zone.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

608

Platform Manager

No

Security

N/A

CCF: AIE Invalid Intrn => Inet Comm Detail

This investigation provides details of un-allowed communication from the internal environment to the external internet.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

609

Platform Manager

No

Security

N/A

CCF: AIE Invalid Intrn => Intrn Comm Detail

This investigation provides details of un-allowed communication from the internal environment to the internal environment.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

610

Platform Manager

No

Security

N/A

CCF: AIE Invalid Test => Inet Comm Detail

This investigation provides details of un-allowed communication from the test environment to other internal environments.

Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

611

Platform Manager

No

Security

N/A

CCF: AIE Invalid Test => Intrn Comm Detail

This investigation provides details of un-allowed communication from the test environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

612

Platform Manager

No

Security

N/A

CCF: AIE Invalid Wless => CDE Comm Detail

This investigation provides details of un-allowed communication from the wireless environment to the internal card holder data environment.

Augment: 2.2.2.a, 2.2.2.b

613

Platform Manager

No

Security

N/A

CCF: AIE Vendor Access Detail

This investigation provides details on vendor account activity.

Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 12.3.9

614

Platform Manager

No

Security

N/A

CCF: Antivirus Failure Detail

This investigation provides details of antivirus activity by impacted application.

Direct: 5.2.d

Augment: 5.1, 5.2.b, 5.2.c

615

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Application Access Detail

This investigation provides details on applications invoked.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f, 7.1.1, 7.1.2.a, 7.1.2.b

616

Data Processor(s)

No

Security

Log Source List = CCF: All Log Sources

CCF: Audit Exception Detail

This investigation provides details on audit exceptions such as access failure, authentication failure, or other audit failures.

Direct: 10.2.4, 10.8.b, A3.3.1.b

Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

617

Data Processor(s)

No

Audit

Log Source List = CCF: All Log Sources

CCF: Audit Log Detail

This investigation provides details of audit log clearing or write failures.

Augment: 10.2.6

618

Data Processor(s)

No

Audit

Log Source List = CCF: All Log Sources

CCF: Authentication Failure Detail

This investigation provides details on authentication failures across the environment.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

619

Platform Manager

No

Security

Log Source = CCF: Card Holder Data Systems, CCF: File Integrity Monitors, CCF: Network Security Systems

CCF: Backup Failure Detail

This investigation provides details of critical failures, errors, and information from backup software.

Augment: 9.7.1, 12.10.5

620

Platform Manager

No

Operations

Log Source List = CCF: All Log Sources

CCF: CDE Communication Detail

This investigation provides details on communication to or from the cardholder data environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

621

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Configuration/Policy Change Detail

This investigation provides details of the occurrence of configuration or policy changes.

Direct: 6.2.b, 10.2.2, 10.4.1.a

Augment: 12.11.a, A3.2.5.b, 1.1.1.a, 8.1.6.a, 8.1.6.b

622

Data Processor(s)

No

Operations

Log Source List = CCF: All Log Sources

CCF: Critical/Error Detail

This investigation provides details on critical and error events received from various components within the defined environment.

Augment: 6.5.5

623

Platform Manager

No

Operations

Log Source List = CCF: All Log Sources

CCF: Database Access Detail

This investigation provides details of database access activity. Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

624

LogMart

No

Security

Log Source List = CCF: Database Systems

CCF: Database Authentication Detail

This investigation provides details of database authentication activity.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

625

Data Processor(s)

No

Security

Log Source List = CCF: Database Systems

CCF: Denied CDE => Internet Comm Detail

This investigation provides details of denied communication from the cardholder data environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

626

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied DMZ => Internal Comm Detail

This investigation provides details of denied communication from the demilitarized zone to the internal network.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

627

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Inet => Intrn Comm Detail

This investigation provides details of denied communication from the external internet to all internal environments.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b

628

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Internet => CDE Comm Detail

This investigation provides details of denied communication from the external internet to the cardholder data environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

629

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Internet => DMZ Comm Detail

This investigation provides details of denied communication from the external internet to the demilitarized zone.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

630

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Intrn => Inet Comm Detail

This investigation provides details of denied communication from the internal environment to the external internet.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

631

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Intrn => Intrn Comm Detail

This investigation provides details of denied communication from the internal environment to the internal environment.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

632

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Test => Internal Comm Detail

This investigation provides details of denied communication from the test environment to other internal environments.

Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

633

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Test => Internet Comm Detail

This investigation provides details of denied communication from the test environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

634

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Denied Wireless => CDE Comm Detail

This investigation provides details of denied communication from the wireless environment to the internal card holder data environment.

Augment: 2.2.2.a, 2.2.2.b

635

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: DMZ Communication Detail

This investigation provides details on communication to or from the demilitarized zone.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

636

Data Processor(s)

No

Audit

Log Source List = CCF: Network Security Systems

CCF: FIM Activity Detail

This investigation provides details of file integrity monitoring activity like adds, deletes, modifies, group changes, owner changes, and permissions.

Direct: 10.5.5, 11.5.a, 11.5.b

Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b

637

Data Processor(s)

No

Operations

Log Source List = CCF: File Integrity Monitors

CCF: FIM ADD/Delete/Mod Activity Detail

This investigation provides details on file integrity monitoring add, delete, and modify activity.

Direct: 11.5.a, 11.5.b

Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b

638

Data Processor(s)

No

Security

Log Source List = CCF: File Integrity Monitors

CCF: FIM Failure Detail

This investigation provides details of critical failures, errors, and information from file integrity monitoring software.

Augment: 12.10.5

639

Platform Manager

No

Operations

Log Source List = CCF: File Integrity Monitors

CCF: FIM Permission Change Detail

This investigation provides details on all file integrity monitoring permissions such as owner, group, or permission change activity.

Direct: 11.5.a, 11.5.b

Augment: 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b

640

Data Processor(s)

No

Security

Log Source List = CCF: File Integrity Monitors

CCF: Firewall Policy Synch Failure Detail

This investigation provides details of firewall policy synchronization failure activity.

Augment: 1.2.2.a, 1.2.2.b

641

Platform Manager

No

Audit

Log Source List = CCF: Network Security Systems

CCF: Host Firewall Failure Detail

This investigation provides details of the occurrence of host firewall failure activity.

Augment: 1.4.a

642

Platform Manager

No

Operations

Log Source List = CCF: All Log Sources

CCF: Internal Communication Detail

This investigation provides details on communication to or from the PCI: Internal Environment List.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

643

Data Processor(s)

No

Audit

Log Source List = CCF: Network Security Systems

CCF: Internet Communication Detail

This investigation provides details on communication to or from the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b

644

Data Processor(s)

No

Audit

Log Source List = CCF: Network Security Systems

CCF: Invalid Account Usage Detail

This investigation provides details of authentication successes and failures from unauthorized accounts such as default account, disabled accounts, and terminated accounts.

Direct: 2.1.a, 2.1.b, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.1.3.a, 8.1.4, 8.5.c

645

Data Processor(s)

No

Audit

Log Source List = CCF: All Log Sources

CCF: Invalid CDE => Internet Comm Detail

This investigation provides details of un-allowed communication from the cardholder data environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

646

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid DMZ => Internal Comm Detail

This investigation provides details of un-allowed communication from the demilitarized zone to the internal network.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

647

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Inet => Intrn Comm Detail

This investigation provides details of un-allowed communication from the external internet to all internal environments.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b

648

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Internet => CDE Comm Detail

This investigation provides details of un-allowed communication from the external internet to the cardholder data environment.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

649

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Internet => DMZ Comm Detail

This investigation provides details of un-allowed communication from the external internet to the demilitarized zone.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b

650

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Intrn => Inet Comm Detail

This investigation provides details of un-allowed communication from the internal environment to the external internet.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

651

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Intrn => Intrn Comm Detail

This investigation provides details of un-allowed communication from the internal environment to the internal environment.

Augment: 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f

652

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Test => Internal Comm Detail

This investigation provides details of un-allowed communication from the test environment to other internal environments.

Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

653

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Test => Internet Comm Detail

This investigation provides details of un-allowed communication from the test environment to the external internet.

Augment: 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

654

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Invalid Wireless => CDE Comm Detail

This investigation provides details of un-allowed communication from the wireless environment to the internal card holder data environment.

Augment: 2.2.2.a, 2.2.2.b

655

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Malware Detail

This investigation provides details on identified malware events. Direct: 5.2.d

Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5

656

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Network Communication Detail

This investigation provides details on all network communication.

Direct: 1.1.6.b

Augment: 1.1.6.a, 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, (PCI 3.1 - 1.3.3), 1.3.3 (PCI 3.1 - 1.3.4), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b

657

Data Processor(s)

No

Audit

Log Source List = CCF: Network Security Systems

CCF: Object Disposal Failure Detail

This investigation provides details of object creations, deletions, and removals.

Augment: 10.2.7

658

Platform Manager

No

Operations

Log Source List = CCF: All Log Sources

CCF: Operations Exception Detail

This investigation provides details on critical failure or error conditions.

Augment: 12.10.5

659

Data Processor(s)

No

Operations

Log Source List = CCF: All Log Sources

CCF: Physical Access Failure Detail

This investigation provides details on critical failures or errors to the physical access system.

Augment: 8.1.3.b,9.1, 9.1.1.a, 9.1.2, 9.3.c

660

Platform Manager

No

Security

Log Source List = CCF: Physical Security Systems

CCF: Priv Acct Auth Detail

This investigation provides details of privileged user authentication successes and failures by impacted host.

Direct: 10.1, 10.2.1, 10.2.2, 10.2.4, 10.2.5.a, 10.2.5.b, 10.2.5.c, 10.8.b, A3.3.1.b

Augment: 7.1.1, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

661

Data Processor(s)

No

Security

Log Source List = CCF: All Log Sources

CCF: Reconnaissance/Suspicious Detail

This investigation provides details on reconnaissance activity.

Augment: 11.4.a, 11.4.b, 11.4.c

662

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Rogue WAP Detail

This investigation provides details of detected rogue access points.

Augment: 11.1.b, 11.1.d, 12.10.5

663

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Security Activity Detail

This investigation provides details on security events like attacks, compromises, and denial of service activity.

Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5

664

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Security Event Detail

This investigation provides details on security events such as activity, attack, compromise, denial of service, malware, misuse, reconnaissance, and suspicious.

Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5

665

Data Processor(s)

No

Security

Log Source List = CCF: Network Security Systems

CCF: Signature Update Failure Detail

This investigation provides details on critical failures or errors to antivirus signature updates.

Augment: 11.4.a, 11.4.b, 11.4.c, 12.10.5

666

Platform Manager

No

Operations

Log Source List = CCF: Network Security Systems

CCF: Software Update Failure Detail

This investigation provides details on software update failure activity.

Direct: 5.2.d, 6.2.b

Augment: 5.2.b, 5.2.c, 11.4.a, 11.4.b, 11.4.c, 12.11.a, A3.2.5.b

667

Platform Manager

No

Operations

Log Source List = CCF: All Log Sources

CCF: Test Communication Detail

This investigation provides details on communication to or from the test environment.

Augment: 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2

668

Data Processor(s)

No

Operations

Log Source List = CCF: Network Security Systems

CCF: TLS/SSL Activity

This investigation provides details on TLS and SSL activity, from LogRhythm Network Monitor logging.

Augment: 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3

669

Data Processor

No

Audit

All available Log Sources

CCF: Vendor Access Detail

This investigation provides detail information around vendor account access failures.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

670

Data Processor(s)

No

Security

Log Source List = CCF: All Log Sources

CCF: Vendor Account Enabled Detail

This investigation provides details of vendor account management activity.

 

Augment: 8.1.a, 8.1.1, 8.1.2, 8.1.3.a, 8.1.4, 8.1.5.a, 8.1.5.b, 8.1.6.b, 8.2.5.a, 8.2.5.b, 8.5.c, 12.3.9

671

Platform Manager

No

Security

Log Source List = CCF: All Log Sources

CCF: Vendor Authentication Detail

This investigation provides details of vendor account activity.

Direct: 10.2.1, 10.2.4, 10.8.b, A3.3.1.b

Augment: 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b

672

LogMart

No

Security

CCF: All Log Sources

CCF: Vulnerability Detail

This investigation provides details on the occurrence of vulnerabilities.

Augment: 6.5.1, 6.5.2, 6.5.4, 6.5.5, 6.5.6, 6.5.7, A, 6.5.9,6.6, 12.10.5

673

Platform Manager

No

Security

Log Source List = CCF: Network Security Systems

CCF: Wireless Communication Detail

This investigation provides details on communication to or from the wireless environment.

Augment: 2.2.2.a, 2.2.2.b

674

Data Processor(s)

No

Audit

Log Source List = CCF: Network Security Systems

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.