
SOX – Investigations

Investigation Name

Investigation Description

Investigation ID

Data Source

Classification

Intelligent Indexing

Log Sources

SOX: FIM Critical/Error/Information Inv

This investigation provides details of critical failures, errors, and information from file integrity monitoring software across Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06

371

Event Manager

Critical, Error

Yes

SOX: File Integrity Monitors

SOX: Non-Encrypted Protocol Inv

This investigation provides details of unencrypted applications being utilized within the Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: APO01.03, APO01.06, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06

372

Log Manager

Operations : Information

Yes

All Log Sources

SOX: Physical Access Inv

This investigation provides details of physical access success and failure activity for Critical and Production environments (entity structure).

 

Direct: DSS05.05

 

Augment: APO01.03, APO01.06, DSS05.06, DSS06.06

373

Log Manager

Access Failure, Access Success, Authentication Failure, Authentication Success

Yes, No, Yes, No

SOX: Physical Security Systems

SOX: Data Loss Prevention Inv

This investigation provides detailed information regarding data loss prevention activities identified through configured AIE rules.

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: APO01.03, APO01.06, BAI04.03, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06

374

Event Manager

Operations : Information Security : Compromise

Yes

All Log Sources

SOX: Acct Created, Used, Deleted Inv

This investigation provides detailed information around the configured AIE rule identifying accounts created, used, and deleted within the Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.04, DSS05.07, DSS06.03

376

Event Manager

Security : Suspicious

Yes

All Log Sources

SOX: Account Created Inv

This investigation provides detailed information pertaining to any account created that has not been allocated to a defined SOX user account list in Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

377

Event Manager

Account Created

Yes

All Log Sources

SOX: Priv Acct Auth Failure Inv

This investigation provides detailed information around privileged account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

378

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: Priv Acct Auth Success Inv

This investigation provides detailed information around privileged account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

379

Log Manager

Authentication Success

No

All Log Sources

SOX: Priv Acct UAM Inv

This investigation provides detail of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

380

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: Priv Acct Access Success Inv

This investigation provides detailed information around access success for privileged accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

381

Log Manager

Access Success

No

All Log Sources

SOX: Priv Acct Access Failure Inv

This investigation provides detailed information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

382

Log Manager

Access Failure

Yes

All Log Sources

SOX: Priv Acct Disabled/Enabled Inv

This investigation provides detailed information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

383

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: Vendor Acct Authentication Failure Inv

This investigation provides detailed information around vendor account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

384

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: Vendor Acct Authentication Success Inv

This investigation provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

385

Log Manager

Authentication Success

No

All Log Sources

SOX: Vendor Acct Access Failure Inv

This investigation provides detailed information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

386

Log Manager

Access Failure

Yes

All Log Sources

SOX: Shared Acct Access Success Inv

This investigation provides detailed information around access success for shared accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

387

Log Manager

Access Success

No

All Log Sources

SOX: Vendor Acct Access Success Inv

This investigation provides detailed information around access success for vendor accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

388

Log Manager

Access Success

No

All Log Sources

SOX: Vendor Acct Disabled/Enabled Inv

This investigation provides detailed information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

389

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: Default Acct Disabled/Enabled Inv

This investigation provides detailed information when a default and generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

390

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: Vendor Acct UAM Inv

This investigation provides detail of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, APO10.03, APO10.04, APO10.05, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03

391

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: Default Acct Authentication Failure Inv

This investigation provides detailed information around default and generic account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

392

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: Default Acct Authentication Success Inv

This investigation provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

393

Log Manager

Authentication Success

No

All Log Sources

SOX: Default Acct Access Failure Inv

This investigation provides detailed information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

394

Log Manager

Access Failure

Yes

All Log Sources

SOX: Default Acct Access Success Inv

This investigation provides detailed information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

395

Log Manager

Access Success

No

All Log Sources

SOX: Default Acct UAM Inv

This investigation provides detail of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

396

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: Shared Acct Authentication Failure Inv

This investigation provides detailed information around shared account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

397

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: Shared Acct Authentication Success Inv

This investigation provides detailed information around shared account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

398

Log Manager

Authentication Success

No

All Log Sources

SOX: Shared Acct Access Failure Inv

This investigation provides detailed information around access failures for shared accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

399

Log Manager

Access Failure

Yes

All Log Sources

SOX: Shared Acct Disabled/Enabled Inv

This investigation provides detailed information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

400

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: Shared Acct UAM Inv

This investigation provides detail of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

401

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: BU Acct Authentication Failure Inv

This investigation provides detailed information around business user account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

402

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: BU Acct Authentication Success Inv

This investigation provides detailed information around business user account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

403

Log Manager

Authentication Success

No

All Log Sources

SOX: BU Acct Access Failure Inv

This investigation provides detailed information around access failures for business user accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

404

Log Manager

Access Failure

Yes

All Log Sources

SOX: HR Payroll Acct Accs Failure Inv

This investigation provides detailed information around access failures for HR or payroll accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

405

Log Manager

Access Failure

Yes

All Log Sources

SOX: BU Acct Access Success Inv

This investigation provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

406

Log Manager

Access Success

No

All Log Sources

SOX: BU Acct Disabled/Enabled Inv

This investigation provides detailed information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

407

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: BU Acct UAM Inv

This investigation provides detail of various access modifications to business user accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

408

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: IT Acct Authentication Failure Inv

This investigation provides detailed information around IT user account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

409

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: IT Acct Authentication Success Inv

This investigation provides detailed information around IT user account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

410

Log Manager

Authentication Success

No

All Log Sources

SOX: IT Acct Access Failure Inv

This investigation provides detailed information around access failures for IT user accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

411

Log Manager

Access Failure

Yes

All Log Sources

SOX: IT Acct Access Success Inv

This investigation provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

412

Log Manager

Access Success

No

All Log Sources

SOX: IT Acct Disabled/Enabled Inv

This investigation provides detailed information when an IT user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

413

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: IT Acct UAM Inv

This investigation provides detail of various access modifications to IT user accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

414

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: Terminated User Authentication Activity Inv

This investigation provides detailed information around access success and failures for terminated accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

415

Event Manager

Authentication Failure, Authentication Success

Yes, No

All Log Sources

SOX: Terminated User Access Activity Inv

This investigation provides detailed information around terminated account access successes and failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

416

Log Manager

Access Failure, Access Success

Yes, No

All Log Sources

SOX: HR Payroll Acct Auth Failure Inv

This investigation provides detailed information around HR or payroll account authentication failures across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

417

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: HR Payroll Acct Auth Success Inv

This investigation provides detailed information around HR or payroll account authentication successes across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

418

Log Manager

Authentication Success

No

All Log Sources

SOX: HR Payroll Acct Accs Success Inv

This investigation provides detailed information around access success for HR or payroll accounts (list) within the Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

419

Log Manager

Access Success

No

All Log Sources

SOX: HR Payroll Acct Disable/Enable Inv

This investigation provides detailed information when an HR or payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

420

Event Manager

Access Granted, Access Revoked

Yes

SOX: Network Access Control Systems

SOX: HR Payroll Acct UAM Inv

This investigation provides detail of various access modifications to HR or payroll accounts (list) occurring within Critical or Production environments (entity structure).

 

Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03

421

Log Manager

Audit : Account Modified

Yes

SOX: Network Access Control Systems

SOX: TST Environment Error Inv

This investigation provides details around critical or error messages received from test servers or systems (entity structure) to support change management procedures.

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

422

Event Manager

Critical, Error

Yes

All Log Sources

SOX: TST Authentication Success Inv

This investigation provides detailed information around account authentication successes across Test environments (entity structure).

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

423

Log Manager

Authentication Success

No

All Log Sources

SOX: TST Authentication Failure Inv

This investigation provides detailed information around account authentication failures across Test environments (entity structure).

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

424

Event Manager

Authentication Failure

Yes

All Log Sources

SOX: TST Access Success Inv

This investigation provides detailed information around access success for accounts (list) within the Test environments (entity structure).

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

425

Log Manager

Access Success

No

All Log Sources

SOX: TST Access Failure Inv

This investigation provides detailed information around access failures for accounts (list) within the Test environments (entity structure).

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

426

Log Manager

Access Failure

Yes

All Log Sources

SOX: TST Priv Acct Authentication Inv

This investigation provides detailed information around account authentication successes and failures across Test environments (entity structure).

 

Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05

427

Log Manager

Authentication Success, Authentication Failure

No, Yes

All Log Sources

SOX: Critical Environment Error Inv

This investigation provides details around critical or error messages received from critical servers or systems (entity structure) to support change management procedures.

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06

 

Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05

428

Event Manager

Critical, Error

Yes

All Log Sources

SOX: Production Environment Error Inv

This investigation provides details around critical or error messages received from production servers or systems (entity structure) to support change management procedures.

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06

 

Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05

429

Event Manager

Critical, Error

Yes

All Log Sources

SOX: LogRhythm Silent Log Source Error Inv

This investigation provides detailed information when a LogRhythm Log Source has not received logs during the defined error period, for critical and production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: BAI04.01, BAI04.03, BAI04.04, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07

430

Event Manager

Critical, Error

Yes

All Log Sources

SOX: Backup Failure/Error Inv

This investigation provides detail of critical and error messages received from backup software (log source list) across critical and production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06

 

Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07

431

Event Manager

Critical, Error

Yes

SOX: Backup Servers- Systems

SOX: Backup Activity Inv

This investigation provides detail of activity from backup software (log source list) across critical and production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06

 

Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07

432

Log Manager

Operations

Yes

SOX: Backup Servers- Systems

SOX: FIM Activity Inv

This investigation provides detail of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions.

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06

433

Log Manager

Operations : Access Success

Yes for FIM

SOX: File Integrity Monitors

SOX: Config/Policy Change Inv

This investigation provides details of the occurrence of configuration or policy changes within Critical and Production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

434

Log Manager

Configuration, Policy

Yes

All Log Sources

SOX: *NIX Hosts Configuration Change Inv

This investigation provides detail of configuration changes and policy modifications on production *NIX hosts across critical and production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

435

Log Manager

Configuration

Yes

All Log Sources

SOX: Windows Hosts Configuration Change Inv

This investigation provides detail of configuration changes and policy modifications on Windows hosts across critical and production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

436

Log Manager

Configuration

Yes

All Log Sources

SOX: Patch Applied Inv

This investigation provides detail of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

437

Log Manager

Operations : Information

Yes

All Log Sources

SOX: Patch Failure Inv

This investigation provides detailed information around patch failure log messages received across Critical and Production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

438

Event Manager

Operations : Information

Yes

All Log Sources

SOX: Signature Update Inv

This investigation provides details on signature update activity across Critical and Production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

439

Log Manager

Operations : Information

Yes

All Log Sources

SOX: Signature Failure Inv

This investigation provides details of signature failure messages received from Critical and Production environments (entity structure).

 

Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04

440

Event Manager

Operations : Information

Yes

All Log Sources

SOX: Time Sync Error Inv

This investigation provides details of time sync errors occurring within Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06

 

Augment: BAI04.04, BAI04.05, DSS01.01, DSS01.03, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05

441

Event Manager

Operations : Warning

Yes

All Log Sources

SOX: Malware Detected Inv

This investigation provides detail of malware activity by entity and impacted host within the organization's Critical and Production environments.

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07

442

Event Manager

Malware, Failed Malware

Yes

SOX: Malware Prevention Systems

SOX: Vulnerability Detected Inv

This investigation provides detail of potential vulnerabilities detected across the Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07

443

Event Manager

Vulnerability, Suspicious, Failed Suspicious

Yes

SOX: Network Security Systems

SOX: Attack Detected Inv

This investigation provides detailed information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical and production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07

444

Event Manager

Security: Activity, Attack, Compromise, Denial Of Service, Failed Activity, Failed Attack, Failed Denial of Service, Failed Misuse, Misuse, Reconnaissance

Yes

SOX: Network Security Systems

SOX: Rogue Access Point Inv

This investigation provides detail of all detected rogue wireless access points by Impacted Host across Critical and Production environments (entity structure).

 

Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01

 

Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07

445

Event Manager

Security : Suspicious

Yes

SOX: Network Security Systems