SOC 2 - Requirements
Control ID | Support Summary | AIE Rules | Investigations | Summary Reports | Detailed Report |
---|---|---|---|---|---|
1.1.04 | SIEM is inherently a systematic monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected standards as it applies to the environments and technologies that the SIEM is setup to monitor, thereby augmenting this control. | ||||
2.1.02 | SIEM is a log collection tool. Having LR helps this objective. | ||||
2.1.03 | SIEM is a log collection tool. Having LR helps this objective. | ||||
2.2.02 | SIEM does not take the place of valuable process controls outlining the communication requirements between management and the board of directors. However, SIEM provides powerful insights that can help management and the board of directors fulfill their roles. | ||||
2.2.08 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify deviations from entities expected standards and recommend further training to meet security awareness performance indicators. | ||||
2.2.11 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify changes, planned or otherwise, allowing changes to be communicated in a timely manner. | ||||
3.1.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | ||||
3.1.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected standards which can inform the risk assessment process. | ||||
3.2.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | ||||
3.2.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | ||||
3.2.07 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | ||||
3.2.08 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | ||||
3.4.04 | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | ||
4.1.01 | Commonly mapped to Internal audit assessments, management reviews, and continual improvement in 27001. | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
4.1.08 | Commonly mapped to Internal audit assessments, management reviews, and continual improvement in 27001. | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
4.2.02 | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | ||
4.2.03 | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
5.1.01 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | ||||
5.1.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | ||||
5.1.06 | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | ||
5.2.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Backup Information CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Critical Event After Attack CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: GeoIP General Activity CCF: GeoIP Blacklisted Region Activity CCF: Social Media Event CCF: Misuse CCF: Disabled Account Auth Success CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Blacklist Location Auth CCF: Distributed Brute Force CCF: External Brute Force Auths CCF: Concurrent VPN from Multiple Locations CCF: Software Install CCF: Software Uninstall CCF: Concurrent VPN from Single User CCF: Excessive Authentication Failures Rule CCF: Account Modification CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Attack then External Connection CCF: Auth After Numerous Failed Auths CCF: Auth After Security Event CCF: Abnormal Origin Location CCF: Password Modified by Admin CCF: Multiple Account Passwords Modified by Admin CCF: Admin Password Modified CCF: Config Modified CCF: Password Modified by Another User CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir 
Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Backup Failure Alarm CCF: Unknown User Account Alarm CCF: Blacklisted Account Alarm CCF: Priv Group Access Granted Alarm CCF: Rogue Access Point Alarm CCF: Suspected Wireless Attack Alarm CCF: Malware Alarm CCF: Vulnerability Detected Alarm CCF: Compromise Detected Alarm CCF: Denial of Service Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Privilege Escalation After Attack Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Critical Environment Error Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv CCF: Social Media Inv CCF: Host Access Granted And Revoked Inv CCF: Applications Accessed By User Inv CCF: Suspicious Users Inv CCF: User Misuse Inv CCF: Unknown User Account Inv CCF: GeoIP Inv CCF: Privileged Account Modification Inv CCF: Privileged Account Escalation Inv CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Excessive Authentication Failure Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Physical Access Inv CCF: Password Modification Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv 
Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
5.2.03 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.1.01 | CCF: New Asset | ||||
6.1.02 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.1.03 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.1.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access 
Granted And Revoked Detail CCF: Unknown User Account Detail |
6.1.05 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
6.1.06 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from entities expected and defined standards as it applies to the environments and technologies. | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access 
Granted And Revoked Detail CCF: Unknown User Account Detail |
6.1.07 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.1.08 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.1.09 | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | ||
6.1.10 | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | ||
6.2.01 | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail | |
6.2.02 | | CCF: Inactive Users CCF: Dormant User | | CCF: Term Account Activity Summary | |
6.2.03 | | | | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
6.3.02 | | CCF: Inactive Users CCF: Dormant User | | CCF: Term Account Activity Summary | |
6.3.03 | | CCF: Excessive Authentication Failures Rule CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Account Modification CCF: Password Modified by Admin CCF: Admin Password Modified CCF: Multiple Account Passwords Modified by Admin CCF: Password Modified by Another User CCF: Auth After Numerous Failed Auths CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Priv Group Access Granted Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Unknown User Account Alarm CCF: Time Sync Error Alarm | CCF: User Object Access Inv CCF: Physical Access Inv CCF: Applications Accessed By User Inv CCF: Privileged Account Modification Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Host Access Granted And Revoked Inv CCF: Unknown User Account Inv CCF: Privileged Account Escalation Inv CCF: Audit Log Inv CCF: Object Access Inv CCF: Password Modification Inv CCF: Time Sync Error Inv | CCF: User Object Access Summary CCF: Physical Access Summary CCF: Applications Accessed By User Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Audit Log Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Object Access Summary CCF: Time Sync Error Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
6.4.02 | | CCF: Inactive Users CCF: Dormant User | | CCF: Term Account Activity Summary CCF: Physical Access Summary | |
6.4.03 | | | | CCF: Physical Access Summary | |
6.5.01 | |||||
6.5.02 | |||||
6.6.01 | | CCF: Blacklisted Egress Port Observed CCF: Blacklisted Ingress Port Observed CCF: Port Misuse: 53 CCF: Port Misuse: 80 | | | |
6.6.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
6.7.01 | | CCF: Data Destruction CCF: Data Exfiltration Observed CCF: Data Loss Prevention | | | |
6.7.02 | | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
6.7.04 | | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
6.8.02 | | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
6.8.03 | | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
6.8.04 | | CCF: Config Change After Attack CCF: Software Install CCF: Software Uninstall CCF: Critical Event After Attack CCF: Rogue Access Point Alarm CCF: Suspected Wireless Attack Alarm CCF: Malware Alarm CCF: Vulnerability Detected Alarm CCF: Compromise Detected Alarm CCF: Denial of Service Alarm CCF: Privilege Escalation After Attack Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
6.8.05 | | CCF: Config Change After Attack CCF: Software Install CCF: Software Uninstall CCF: Critical Event After Attack CCF: Rogue Access Point Alarm CCF: Suspected Wireless Attack Alarm CCF: Malware Alarm CCF: Vulnerability Detected Alarm CCF: Compromise Detected Alarm CCF: Denial of Service Alarm CCF: Privilege Escalation After Attack Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm | CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
7.1.01 | | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
7.1.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
7.1.03 | | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
7.1.04 | | CCF: Config Modified CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Software Install CCF: Software Uninstall CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv CCF: Patch Activity Inv CCF: Signature Activity Inv CCF: Critical Environment Error Inv CCF: Audit Log Inv CCF: Time Sync Error Inv | CCF: Patch Activity Summary CCF: Signature Activity Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Audit Log Summary CCF: Time Sync Error Summary | |
7.1.05 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
7.2.01 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Backup Information CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Critical Event After Attack CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: GeoIP General Activity CCF: GeoIP Blacklisted Region Activity CCF: Social Media Event CCF: Misuse CCF: Disabled Account Auth Success CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Blacklist Location Auth CCF: Distributed Brute Force CCF: External Brute Force Auths CCF: Concurrent VPN from Multiple Locations CCF: Software Install CCF: Software Uninstall CCF: Concurrent VPN from Single User CCF: Excessive Authentication Failures Rule CCF: Account Modification CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Attack then External Connection CCF: Auth After Numerous Failed Auths CCF: Auth After Security Event CCF: Abnormal Origin Location CCF: Password Modified by Admin CCF: Multiple Account Passwords Modified by Admin CCF: Admin Password Modified CCF: Config Modified CCF: Password Modified by Another User CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Backup Failure Alarm CCF: Unknown User Account Alarm CCF: Blacklisted Account Alarm CCF: Priv Group Access Granted Alarm CCF: Rogue Access Point Alarm CCF: Suspected Wireless Attack Alarm CCF: Malware Alarm CCF: Vulnerability Detected Alarm CCF: Compromise Detected Alarm CCF: Denial of Service Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Privilege Escalation After Attack Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Critical Environment Error Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv CCF: Social Media Inv CCF: Host Access Granted And Revoked Inv CCF: Applications Accessed By User Inv CCF: Suspicious Users Inv CCF: User Misuse Inv CCF: Unknown User Account Inv CCF: GeoIP Inv CCF: Privileged Account Modification Inv CCF: Privileged Account Escalation Inv CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Excessive Authentication Failure Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Password Modification Inv CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
7.2.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | CCF: FIM General Activity CCF: FIM Add Activity CCF: FIM Abnormal Activity CCF: FIM Information CCF: Data Destruction CCF: Data Loss Prevention CCF: Data Exfiltration Observed CCF: Corroborated Data Access Anomalies CCF: Backup Information CCF: Config Change After Attack CCF: Config Change then Critical Error CCF: Config Deleted/Disabled CCF: Critical Event After Attack CCF: Abnormal Amount of Data Transferred CCF: Large Outbound Transfer CCF: GeoIP General Activity CCF: GeoIP Blacklisted Region Activity CCF: Social Media Event CCF: Misuse CCF: Disabled Account Auth Success CCF: Corroborated Account Anomalies CCF: Windows RunAs Privilege Escalation CCF: Linux sudo Privilege Escalation CCF: Local Account Created and Used CCF: Blacklist Location Auth CCF: Distributed Brute Force CCF: External Brute Force Auths CCF: Concurrent VPN from Multiple Locations CCF: Software Install CCF: Software Uninstall CCF: Concurrent VPN from Single User CCF: Excessive Authentication Failures Rule CCF: Account Modification CCF: Account Enabled Rule CCF: Account Disabled Rule CCF: Account Deleted Rule CCF: Attack then External Connection CCF: Auth After Numerous Failed Auths CCF: Auth After Security Event CCF: Abnormal Origin Location CCF: Password Modified by Admin CCF: Multiple Account Passwords Modified by Admin CCF: Admin Password Modified CCF: Config Modified CCF: Password Modified by Another User CCF: FIM Delete Activity Alarm CCF: Non-Encrypted Protocol Alarm CCF: Early TLS/SSL Alarm CCF: LogRhythm Silent Log Source Error Alarm CCF: Audit Logging Stopped Alarm CCF: Audit Log Cleared Alarm CCF: Failed Audit Log Write Alarm CCF: Time Sync Error Alarm CCF: PRD Envir Config/Policy Change Alarm CCF: Critical/PRD Envir Patch Failure Alarm CCF: PRD Envir Signature Failure Alarm CCF: Backup Failure Alarm CCF: Unknown User Account Alarm CCF: Blacklisted Account Alarm CCF: Priv Group Access Granted Alarm CCF: Rogue Access Point Alarm CCF: Suspected Wireless Attack Alarm CCF: Malware Alarm CCF: Vulnerability Detected Alarm CCF: Compromise Detected Alarm CCF: Denial of Service Alarm CCF: Software Install Fail Alarm CCF: Software Uninstall Fail Alarm CCF: Privilege Escalation After Attack Alarm | CCF: Use Of Non-Encrypted Protocols Inv CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Critical Environment Error Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv CCF: Social Media Inv CCF: Host Access Granted And Revoked Inv CCF: Applications Accessed By User Inv CCF: Suspicious Users Inv CCF: User Misuse Inv CCF: Unknown User Account Inv CCF: GeoIP Inv CCF: Privileged Account Modification Inv CCF: Privileged Account Escalation Inv CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Excessive Authentication Failure Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Password Modification Inv CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
7.2.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
7.2.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
7.3.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
7.3.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
7.4.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. The emphasis is on detection, supported by case management capabilities. | | | | |
7.4.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. The emphasis is on detection, supported by case management capabilities. | | | | |
7.4.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. The emphasis is on detection, supported by case management capabilities. | | | | |
7.4.05 | | CCF: Backup Information CCF: Backup Failure Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |
7.4.06 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
7.4.07 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
7.4.08 | | CCF: Vulnerability Detected Alarm | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary | |
7.4.09 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Vulnerability Detected Alarm | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary | |
7.4.10 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
7.4.11 | | | CCF: Use Of Non-Encrypted Protocols Inv CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Critical Environment Error Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv CCF: Social Media Inv CCF: Host Access Granted And Revoked Inv CCF: Applications Accessed By User Inv CCF: Suspicious Users Inv CCF: User Misuse Inv CCF: Unknown User Account Inv CCF: GeoIP Inv CCF: Privileged Account Modification Inv CCF: Privileged Account Escalation Inv CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Excessive Authentication Failure Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Password Modification Inv CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
7.4.12 | |||||
7.5.01 | | | CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv | CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Backup Activity Summary | |
7.5.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | CCF: Use Of Non-Encrypted Protocols Inv CCF: Object Access Inv CCF: User Object Access Inv CCF: Audit Log Inv CCF: LogRhythm Data Loss Defender Log Inv CCF: Config/Policy Change Inv CCF: Critical Environment Error Inv CCF: Signature Activity Inv CCF: Patch Activity Inv CCF: Backup Activity Inv CCF: Time Sync Error Inv CCF: Social Media Inv CCF: Host Access Granted And Revoked Inv CCF: Applications Accessed By User Inv CCF: Suspicious Users Inv CCF: User Misuse Inv CCF: Unknown User Account Inv CCF: GeoIP Inv CCF: Privileged Account Modification Inv CCF: Privileged Account Escalation Inv CCF: Rogue Access Point Inv CCF: Suspected Wireless Attack Inv CCF: Malware Detected Inv CCF: Vulnerability Detected Inv CCF: Compromises Detected Inv CCF: Denial of Service Inv CCF: Excessive Authentication Failure Inv CCF: Account Modification Inv CCF: Enabled Account Inv CCF: Disabled Account Inv CCF: Deleted Account Inv CCF: Password Modification Inv CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary CCF: LogRhythm Data Loss Defender Log Summary CCF: Object Access Summary CCF: User Object Access Summary CCF: Audit Log Summary CCF: Config/Policy Change Summary CCF: Critical Environment Error Summary CCF: Signature Activity Summary CCF: Patch Activity Summary CCF: Time Sync Error Summary CCF: Social Media Summary CCF: Applications Accessed By User Summary CCF: Top Suspicious Users CCF: User Misuse Summary CCF: GeoIP Summary CCF: User Priv Escalation (Windows) Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: Priv Authentication Activity Summary CCF: Priv Account Management Activity Summary CCF: Compromises Detected Summary CCF: Rogue Access Point Summary CCF: Suspected Wireless Attack Summary CCF: Malware Detected Summary CCF: Vulnerability Detected Summary CCF: Auth Failure Summary CCF: Access Failure Summary CCF: Auth Success Summary CCF: Access Success Summary CCF: Account Enabled Summary CCF: Account Disabled Summary CCF: Account Deleted Summary CCF: Account Modification Summary CCF: Term Account Activity Summary CCF: Backup Activity Summary CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail CCF: Unknown User Account Detail |
7.5.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
7.5.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
7.5.05 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks, which enhances the risk assessment process. | | | | |
8.1.01 | | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
8.1.05 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
8.1.10 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
8.1.11 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
8.1.12 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
8.1.14 | | CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: FIM Information; CCF: Data Destruction; CCF: Data Loss Prevention; CCF: Data Exfiltration Observed; CCF: Corroborated Data Access Anomalies; CCF: Abnormal Amount of Data Transferred; CCF: Large Outbound Transfer; CCF: FIM Delete Activity Alarm; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
A1.1.01 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | | | | |
A1.1.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | | | | |
A1.2.08 | | CCF: Backup Information; CCF: Backup Failure Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |
C1.1.02 | | CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: FIM Information; CCF: Data Destruction; CCF: Data Loss Prevention; CCF: Data Exfiltration Observed; CCF: Corroborated Data Access Anomalies; CCF: Abnormal Amount of Data Transferred; CCF: Large Outbound Transfer; CCF: FIM Delete Activity Alarm; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Time Sync Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
PI1.3.03 | | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
PI1.3.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | | | | |
PI1.4.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM can identify trends, deviations from expected standards, and unexpected risks that will enhance the risk assessment process. | | | | |
PI1.5.01 | | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
PI1.5.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
PI1.5.03 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
PI1.5.04 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | CCF: Config Modified; CCF: Config Change After Attack; CCF: Config Change then Critical Error; CCF: Config Deleted/Disabled; CCF: Software Install; CCF: Software Uninstall; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: PRD Envir Config/Policy Change Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: PRD Envir Signature Failure Alarm; CCF: Software Install Fail Alarm; CCF: Software Uninstall Fail Alarm; CCF: Time Sync Error Alarm | CCF: Config/Policy Change Inv; CCF: Patch Activity Inv; CCF: Signature Activity Inv; CCF: Critical Environment Error Inv; CCF: Audit Log Inv; CCF: Time Sync Error Inv | CCF: Patch Activity Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Audit Log Summary; CCF: Time Sync Error Summary | |
P6.3.01 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | | | |
P6.4.02 | | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | | |
P6.5.01 | | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | | |
P6.5.02 | | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: User Object Access Summary; CCF: Audit Log Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Social Media Summary; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: User Misuse Summary; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Auth Failure Summary; CCF: Access Failure Summary; CCF: Auth Success Summary; CCF: Access Success Summary; CCF: Account Enabled Summary; CCF: Account Disabled Summary; CCF: Account Deleted Summary; CCF: Account Modification Summary; CCF: Term Account Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail |
P6.6.01 | | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: User Object Access Summary; CCF: Audit Log Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Social Media Summary; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: User Misuse Summary; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Auth Failure Summary; CCF: Access Failure Summary; CCF: Auth Success Summary; CCF: Access Success Summary; CCF: Account Enabled Summary; CCF: Account Disabled Summary; CCF: Account Deleted Summary; CCF: Account Modification Summary; CCF: Term Account Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail |
P6.6.02 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: User Object Access Summary; CCF: Audit Log Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Social Media Summary; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: User Misuse Summary; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Auth Failure Summary; CCF: Access Failure Summary; CCF: Auth Success Summary; CCF: Access Success Summary; CCF: Account Enabled Summary; CCF: Account Disabled Summary; CCF: Account Deleted Summary; CCF: Account Modification Summary; CCF: Term Account Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail |
P8.1.05 | | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: User Object Access Summary; CCF: Audit Log Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Social Media Summary; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: User Misuse Summary; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Auth Failure Summary; CCF: Access Failure Summary; CCF: Auth Success Summary; CCF: Access Success Summary; CCF: Account Enabled Summary; CCF: Account Disabled Summary; CCF: Account Deleted Summary; CCF: Account Modification Summary; CCF: Term Account Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail |
P8.1.06 | SIEM is inherently a systematic collection and monitoring tool. Paired with the compliance and threat-focused content, LR SIEM is designed to identify deviations from the entity's expected and defined standards as they apply to the monitored environments and technologies. | | CCF: Use Of Non-Encrypted Protocols Inv; CCF: Object Access Inv; CCF: User Object Access Inv; CCF: Audit Log Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Config/Policy Change Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Patch Activity Inv; CCF: Backup Activity Inv; CCF: Time Sync Error Inv; CCF: Social Media Inv; CCF: Host Access Granted And Revoked Inv; CCF: Applications Accessed By User Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Privileged Account Modification Inv; CCF: Privileged Account Escalation Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv; CCF: Denial of Service Inv; CCF: Excessive Authentication Failure Inv; CCF: Account Modification Inv; CCF: Enabled Account Inv; CCF: Disabled Account Inv; CCF: Deleted Account Inv; CCF: Password Modification Inv; CCF: Physical Access Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: User Object Access Summary; CCF: Audit Log Summary; CCF: Config/Policy Change Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Social Media Summary; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: User Misuse Summary; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Auth Failure Summary; CCF: Access Failure Summary; CCF: Auth Success Summary; CCF: Access Success Summary; CCF: Account Enabled Summary; CCF: Account Disabled Summary; CCF: Account Deleted Summary; CCF: Account Modification Summary; CCF: Term Account Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary | CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail |