SOX – Reports and Reporting Packages
Summary Reports
Summary Report Name | Report Description | Report ID | Data Source | Classification | Intelligent Indexing | Log Sources |
---|---|---|---|---|---|---|
SOX: Physical Access Summary | This report summarizes physical door access success, failures and suspicious door activity within the organization's physical security perimeter.
Direct: DSS05.05
Augment: APO01.03, APO01.06, DSS05.06, DSS06.06 | 1402 | Platform Manager | Access Failure, Access Success, Authentication Failure, Authentication Success | Yes, No, Yes, No | SOX: Physical Security Systems |
SOX: Non-Encrypted Protocol Summary | This report provides a summary of non-encrypted protocols seen on the network grouped by Impacted Application.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1403 | Data Processor | Operations: Information | Yes | All Log Sources |
SOX: FIM Critical/Error/Information Summary | This report provides a summary of critical failures, errors, and information from file integrity monitoring software for both LogRhythm FIM and other FIM solutions.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1404 | Platform Manager | Critical, Error | Yes | SOX: File Integrity Systems |
SOX: Data Loss Prevention Summary | This report provides summary information regarding data loss prevention activities identified through configured AIE rules.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.03, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1405 | Platform Manager | Operations : Information Security : Compromise | Yes | All Log Sources |
SOX: FIM Activity Summary | This report provides a summary of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1406 | Data Processor | Operations : Access Success | Yes for FIM | SOX: File Integrity Systems |
SOX: Acct Created, Used, Deleted Summary | This report provides summary information for any instance where an internal account is created, used and then deleted. This is driven by configured AIE rule(s).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.04, DSS05.07, DSS06.03 | 1407 | Platform Manager | Security : Suspicious | Yes | All Log Sources |
SOX: Account Created Summary | This report provides summary information around account creations as compared against existing user lists within LogRhythm and supplements User Access Management activities.
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1408 | Platform Manager | Account Created | Yes | SOX: Network Access Control Systems |
SOX: Top Applications Experiencing Errors Summary | Provides a summary of applications experiencing errors by highest log count for Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1409 | Log Mart | Error | Yes | All Log Sources |
SOX: Top Hosts Experiencing Errors Summary | Provides a summary of hosts experiencing errors by highest log count for Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1410 | Log Mart | Error | Yes | All Log Sources |
SOX: Top Attacker Summary | Provides a summary of applications experiencing errors by highest log count for Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1412 | Log Mart | Attack | Yes | All Log Sources |
SOX: Top Suspicious Users Summary | This report lists all users generating suspicious activity ordered by the number of events (high to low) for Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.04, DSS05.07, DSS06.03 | 1413 | Data Processor | Suspicious | Yes | All Log Sources |
SOX: Top Suspicious Login Summary | This report summarizes security activity (activity, attack, compromise, denial of service, failed activity, failed attack, failed denial of service, failed malware, failed misuse, failed suspicious, malware, misuse, reconnaissance, suspicious, vulnerability) by Origin Login. This report is based on Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.04, DSS05.07, DSS06.03 | 1414 | Data Processor | Suspicious | Yes | All Log Sources |
SOX: Top Targeted Application Summary | This report summarizes security activity (activity, attack, compromise, denial of service, failed activity, failed attack, failed denial of service, failed malware, failed misuse, failed suspicious, malware, misuse, reconnaissance, suspicious, vulnerability) by Impacted Application. This report is configured to run against Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1415 | Data Processor | Security: Activity, Attack, Compromise, Denial of Service, Failed Activity, Failed Attack, Failed Denial of Service, Failed Malware, Failed Misuse, Failed Suspicious, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability | Yes | All Log Sources |
SOX: Top Targeted Host Summary | This report provides a summary overview of the top targeted systems by impacted host. The report is configured to report on these activities across Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1416 | Data Processor | Security: Activity, Attack, Compromise, Denial of Service, Failed Activity, Failed Attack, Failed Denial of Service, Failed Malware, Failed Misuse, Failed Suspicious, Malware, Misuse, Reconnaissance, Suspicious, Vulnerability | Yes | All Log Sources |
SOX: Usage Auditing Activity Summary | This report provides summary information around usage activity by user and is configured against Critical and Production environments (entity structure).
Direct: DSS05.01
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1417 | Platform Manager | Audit | No | All Log Sources |
SOX: Priv Acct Auth Failure Summary | This report provides summary information around privileged account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1418 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Priv Acct Auth Success Summary | This report provides summary information around privileged account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1419 | Log Mart | Authentication Success | No | All Log Sources |
SOX: Priv Acct UAM Summary | This report provides a summary of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1420 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Priv Acct Access Success Summary | This report provides summary information around access success for privileged accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1421 | Log Mart | Access Success | No | All Log Sources |
SOX: Priv Acct Access Failure Summary | This report provides summary information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1422 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: Priv Acct Disabled/Enabled Summary | This report provides summary information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1423 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: Vendor Acct Authentication Failure Summary | This report provides summary information around vendor account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1424 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Vendor Acct Authentication Success Summary | This report provides summary information around vendor account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1425 | Log Mart | Authentication Success | No | All Log Sources |
SOX: Vendor Acct Access Failure Summary | This report provides summary information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1426 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: Vendor Acct Access Success Summary | This report provides summary information around access success for vendor accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1427 | Log Mart | Access Success | No | All Log Sources |
SOX: Vendor Acct Disabled/Enabled Summary | This report provides summary information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1428 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: Vendor Acct UAM Summary | This report provides a summary of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1429 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Default Acct Authentication Failure Summary | This report provides summary information around default and generic account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1430 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Default Acct Authentication Success Summary | This report provides summary information around default and generic account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1431 | Log Mart | Authentication Success | No | All Log Sources |
SOX: Default Acct Access Failure Summary | This report provides summary information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1432 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: Default Acct Access Success Summary | This report provides summary information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1433 | Log Mart | Access Success | No | All Log Sources |
SOX: Default Acct Disabled/Enabled Summary | This report provides summary information when a default or generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1434 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: Default Acct UAM Summary | This report provides a summary of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1435 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Shared Acct Authentication Failure Summary | This report provides summary information around shared account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1436 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Shared Acct Authentication Success Summary | This report provides summary information around shared account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1437 | Log Mart | Authentication Success | No | All Log Sources |
SOX: Shared Acct Access Failure Summary | This report provides summary information around access failures for shared accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1438 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: Shared Acct Access Success Summary | This report provides summary information around access success for shared accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1439 | Log Mart | Access Success | No | All Log Sources |
SOX: Shared Acct Disabled/Enabled Summary | This report provides summary information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1440 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: Shared Acct UAM Summary | This report provides a summary of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1441 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: BU Acct Authentication Failure Summary | This report provides summary information around business user account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1442 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: BU Acct Authentication Success Summary | This report provides summary information around business user account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1443 | Log Mart | Authentication Success | No | All Log Sources |
SOX: BU Acct Access Failure Summary | This report provides summary information around access failures for business user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1444 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: BU Acct Access Success Summary | This report provides summary information around access success for business user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1445 | Log Mart | Access Success | No | All Log Sources |
SOX: BU Acct Disabled/Enabled Summary | This report provides summary information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1446 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: BU Acct UAM Summary | This report provides a summary of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1447 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: IT Acct Authentication Failure Summary | This report provides summary information around IT user account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1448 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: IT Acct Authentication Success Summary | This report provides summary information around IT user account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1449 | Log Mart | Authentication Success | No | All Log Sources |
SOX: IT Acct Access Failure Summary | This report provides summary information around access failures for IT user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1450 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: IT Acct Access Success Summary | This report provides summary information around access success for IT user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1451 | Log Mart | Access Success | No | All Log Sources |
SOX: IT Acct Disabled/Enabled Summary | This report provides summary information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1452 | Platform Manager | Account Enabled, Account Disabled | Yes | SOX: Network Access Control Systems |
SOX: IT Acct UAM Summary | This report provides a summary of various access modifications to IT user accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1453 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Terminated User Access Activity Summary | This report provides a summary of access success and failures from terminated accounts (list) within Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1454 | Data Processor | Access Success, Access Failure | No, Yes | All Log Sources |
SOX: Terminated User Auth Activity Summary | This report provides a summary of authentication successes and failures from terminated accounts (list) within Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1455 | Data Processor | Authentication Success, Authentication Failure | No, Yes | All Log Sources |
SOX: HR Payroll Acct Auth Failure Summary | This report provides summary information around HR or Payroll account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1456 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: HR Payroll Acct Auth Success Summary | This report provides summary information around HR or Payroll account (list) authentication success across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1457 | Log Mart | Authentication Success | No | All Log Sources |
SOX: HR Payroll Acct Accs Failure Summary | This report provides summary information around access failures for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1458 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: HR Payroll Acct Accs Success Summary | This report provides summary information around access success for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1459 | Log Mart | Access Success | No | All Log Sources |
SOX: HR Payroll Acct Disable/Enable Summary | This report provides summary information when an HR or Payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1460 | Platform Manager | Account Enabled, Account Disabled | Yes | All Log Sources |
SOX: HR Payroll Acct UAM Summary | This report provides a summary of various access modifications to HR or Payroll accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1461 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: TST Environment Error Summary | This report provides summary details around critical or error messages received from test servers or systems (entity structure) to support change management procedures.
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1462 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: TST Authentication Success Summary | This report provides summary information around authentication success across test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1463 | Log Mart | Authentication Success | No | All Log Sources |
SOX: TST Authentication Failure Summary | This report provides summary information around authentication failures across test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1464 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: TST Access Success Summary | This report provides summary information around access success for accounts within the test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1465 | Log Mart | Access Success | No | All Log Sources |
SOX: TST Priv Acct Authentication Summary | This report provides summary information around authentication success and failures for defined privileged accounts (list) within the test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1466 | Data Processor | Authentication Success, Authentication Failure | No, Yes | All Log Sources |
SOX: TST Access Failure Summary | This report provides summary information around access failures for accounts within the test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1467 | Platform Manager | Access Failure | Yes | All Log Sources |
SOX: Critical Environment Error Summary | This report provides summary details around critical or error messages received from critical servers or systems (entity structure) to support change management procedures.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1468 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: Production Environment Error Summary | This report provides summary details around critical or error messages received from production servers or systems (entity structure) to support change management procedures.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1469 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: LogRhythm Silent Log Source Error Summary | This report provides summary information when a LogRhythm Log Source has not received logs during the defined error period, for critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: BAI04.01, BAI04.03, BAI04.04, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1470 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: Backup Activity Summary | This report provides a summary of activity from backup software (log source list) across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07 | 1471 | Data Processor | Operations | Yes | SOX: Backup Servers- Systems |
SOX: Backup Failure/Error Summary | This report provides a summary of critical and error messages received from backup software (log source list) across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07 | 1472 | Data Processor | Critical, Error | Yes | SOX: Backup Servers- Systems |
SOX: Config/Policy Change Summary | This report provides a summary of the occurrence of configuration or policy changes across critical or production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1473 | Log Mart | Configuration, Policy | Yes | All Log Sources |
SOX: *NIX Hosts Configuration Change Summary | This report provides a summary account of configuration changes and policy modifications on production *NIX hosts across critical and production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1474 | Data Processor | Configuration | Yes | All Log Sources |
SOX: Windows Hosts Configuration Change Summary | This report provides a summary account of configuration changes and policy modifications on Windows hosts across critical and production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1475 | Platform Manager | Configuration | Yes | All Log Sources |
SOX: Patch Failure Summary | This report provides summary information around patch failure log messages received across Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1476 | Platform Manager | Operations : Information | Yes | All Log Sources |
SOX: Patch Applied Summary | This report provides a summary of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1477 | Data Processor | Operations : Information | Yes | All Log Sources |
SOX: Signature Failure Summary | This report provides a summary of signature failure messages received from Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1478 | Platform Manager | Operations : Information | Yes | All Log Sources |
SOX: Signature Update Summary | This report provides summary information on signature update activity across Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1479 | Log Mart | Operations : Information | Yes | All Log Sources |
SOX: Time Sync Error Summary | This report provides a summary of time sync errors occurring within Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.04, BAI04.05, DSS01.01, DSS01.03, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1480 | Platform Manager | Operations : Warning | Yes | All Log Sources |
SOX: System Startup And Shutdown Summary | This report provides a summary of system startup/shutdown activity by impacted host within the organization's Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1481 | Log Mart | Operations | No | All Log Sources |
SOX: Malware Detected Summary | This report provides a summary of malware activity by entity and impacted host within the organization's Critical and Production environments.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1482 | Platform Manager | Malware, Failed Malware | Yes | SOX: Malware Prevention Systems |
SOX: Vulnerability Detected Summary | This report provides a summary of potential vulnerabilities detected across the Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1483 | Platform Manager | Vulnerability, Suspicious, Failed Suspicious | Yes | SOX: Network Security Systems |
SOX: Attack Detected Summary | This report provides summary information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1484 | Platform Manager | Security : Activity, Attack, Compromise, Denial Of Service, Failed Activity, Failed Attack, Failed Denial of Service, Failed Misuse, Misuse, Reconnaissance | Yes | SOX: Network Security Systems |
SOX: Rogue Access Point Summary | This report provides a summary of all detected rogue wireless access points by Impacted Host across Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1485 | Platform Manager | Security : Suspicious | Yes | SOX: Network Security Systems |
SOX: Log Volume by Log Source Summary | This report provides a summary of log management statistics by log source.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: BAI04.01, BAI04.03, BAI04.04, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1563 | Platform Manager | Operations | Yes | All Log Sources |
SOX: Log Volume by Entity Summary | This report provides a summary of log management statistics by entity.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: BAI04.01, BAI04.03, BAI04.04, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1564 | Platform Manager | Operations | Yes | All Log Sources |
Detail Reports
Detailed Report Name | Report Description | Report ID | Data Source | Classification | Intelligent Indexing | Log Sources |
---|---|---|---|---|---|---|
SOX: Physical Access Detail | This report provides details of physical access success and failure activity for Critical and Production environments (entity structure).
Direct: DSS05.05
Augment: APO01.03, APO01.06, DSS05.06, DSS06.06 | 1486 | Data Processor | Access Failure, Access Success, Authentication Failure, Authentication Success | Yes, No, Yes, No | SOX : Physical Security Systems |
SOX: Non-Encrypted Protocol Detail | This report provides details of unencrypted applications being utilized within the Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1487 | Data Processor | Operations: Information | Yes | All Log Sources |
SOX: FIM Critical/Error/Information Detail | This report provides details of critical failures, errors, and information from file integrity monitoring software across Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1488 | Platform Manager | Critical, Error | Yes | SOX : File Integrity Monitors |
SOX: Acct Created, Used, Deleted Detail | This report provides detailed information from the configured AIE rule that identifies accounts created, used and deleted within the Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO07.05, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.04, DSS05.07, DSS06.03 | 1489 | Platform Manager | Security : Suspicious | Yes | All Log Sources |
SOX: Account Created Detail | This report provides detailed information pertaining to any account created that has not been allocated to a defined SOX user account list in Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1490 | Platform Manager | Account Created | Yes | All Log Sources |
SOX: Priv Acct Auth Failure Detail | This report provides detailed information around privileged account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1491 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Priv Acct Auth Success Detail | This report provides detailed information around privileged account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1492 | Data Processor | Authentication Success | No | All Log Sources |
SOX: Priv Acct UAM Detail | This report provides detail of various access modifications to privileged accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1493 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Priv Acct Access Success Detail | This report provides detailed information around access success for privileged accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1494 | Data Processor | Access Success | No | All Log Sources |
SOX: Priv Acct Access Failure Detail | This report provides detailed information around access failures for privileged accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1495 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: Priv Acct Disabled/Enabled Detail | This report provides detailed information when a privileged account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1496 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: Vendor Acct Authentication Failure Detail | This report provides detailed information around vendor account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1497 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Vendor Acct Authentication Success Detail | This report provides detailed information around vendor account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1498 | Data Processor | Authentication Success | No | All Log Sources |
SOX: Vendor Acct Access Failure Detail | This report provides detailed information around access failures for vendor accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1499 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: Vendor Acct Access Success Detail | This report provides detailed information around access success for vendor accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1500 | Data Processor | Access Success | No | All Log Sources |
SOX: Vendor Acct Disabled/Enabled Detail | This report provides detailed information when a vendor account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, BAI04.03, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1501 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: Vendor Acct UAM Detail | This report provides detail of various access modifications to vendor accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, APO10.03, APO10.04, APO10.05, DSS01.02, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1502 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Default Acct Authentication Failure Detail | This report provides detailed information around default and generic account (list) authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1503 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Default Acct Authentication Success Detail | This report provides detailed information around default and generic account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1504 | Data Processor | Authentication Success | No | All Log Sources |
SOX: Default Acct Access Failure Detail | This report provides detailed information around access failures for default and generic accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1505 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: Default Acct Access Success Detail | This report provides detailed information around access success for default and generic accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1506 | Data Processor | Access Success | No | All Log Sources |
SOX: Default Acct Disabled/Enabled Detail | This report provides detailed information when a default and generic account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1507 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: Default Acct UAM Detail | This report provides detail of various access modifications to default and generic accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1508 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Shared Acct Authentication Failure Detail | This report provides detailed information around shared account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1509 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: Shared Acct Authentication Success Detail | This report provides detailed information around shared account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1510 | Data Processor | Authentication Success | No | All Log Sources |
SOX: Shared Acct Access Success Detail | This report provides detailed information around access success for shared accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1511 | Data Processor | Access Success | No | All Log Sources |
SOX: Shared Acct Access Failure Detail | This report provides detailed information around access failures for shared accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1512 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: Shared Acct Disabled/Enabled Detail | This report provides detailed information when a shared account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1513 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: Shared Acct UAM Detail | This report provides detail of various access modifications to shared accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1514 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: BU Acct Authentication Failure Detail | This report provides detailed information around business user account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1515 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: BU Acct Authentication Success Detail | This report provides detailed information around business user account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1516 | Data Processor | Authentication Success | No | All Log Sources |
SOX: BU Acct Access Failure Detail | This report provides detailed information around access failures for business user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1517 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: BU Acct Access Success Detail | This report provides detailed information around access success for business user accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1518 | Data Processor | Access Success | No | All Log Sources |
SOX: BU Acct Disabled/Enabled Detail | This report provides detailed information when a business user account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1519 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: BU Acct UAM Detail | This report provides detail of various access modifications to business user accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1520 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: IT Acct Authentication Failure Detail | This report provides detailed information around IT account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1521 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: IT Acct Access Failure Detail | This report provides detailed information around access failures for IT accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1522 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: IT Acct Authentication Success Detail | This report provides detailed information around IT account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1523 | Data Processor | Authentication Success | No | All Log Sources |
SOX: IT Acct Access Success Detail | This report provides detailed information around access success for IT accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1524 | Data Processor | Access Success | No | All Log Sources |
SOX: IT Acct Disabled/Enabled Detail | This report provides detailed information when an IT account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1525 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: IT Acct UAM Detail | This report provides detail of various access modifications to IT accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1526 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: Terminated User Access Activity Detail | This report provides detail of account access attempts associated with terminated users (list) within Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1527 | Data Processor | Access Failure, Access Success | Yes, No | All Log Sources |
SOX: Terminated User Auth Activity Detail | This report provides detail of account authentication attempts associated with terminated users (list) within Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1528 | Data Processor | Authentication Failure, Authentication Success | Yes, No | All Log Sources |
SOX: HR Payroll Acct Auth Failure Detail | This report provides detailed information around HR or Payroll account authentication failures across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1529 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: HR Payroll Acct Auth Success Detail | This report provides detailed information around HR or Payroll account authentication successes across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1530 | Data Processor | Authentication Success | No | All Log Sources |
SOX: HR Payroll Acct Accs Failure Detail | This report provides detailed information around access failures for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1531 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: HR Payroll Acct Accs Success Detail | This report provides detailed information around access success for HR or Payroll accounts (list) within the Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1532 | Data Processor | Access Success | No | All Log Sources |
SOX: HR Payroll Acct Disable/Enable Detail | This report provides detailed information when an HR or Payroll account (list) has access revoked (disabled) or granted (enabled) across Critical and Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1533 | Platform Manager | Access Granted, Access Revoked | Yes | SOX: Network Access Control Systems |
SOX: HR Payroll Acct UAM Detail | This report provides detail of various access modifications to HR or Payroll accounts (list) occurring within Critical or Production environments (entity structure).
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1534 | Data Processor | Account Modified | Yes | SOX: Network Access Control Systems |
SOX: TST Environment Error Detail | This report provides details around critical or error messages received from test servers or systems (entity structure) to support change management procedures.
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1535 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: TST Authentication Success Detail | This report provides detailed information around account authentication successes across Test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1536 | Data Processor | Authentication Success | No | All Log Sources |
SOX: TST Authentication Failure Detail | This report provides detailed information around account authentication failures across Test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1537 | Platform Manager | Authentication Failure | Yes | All Log Sources |
SOX: TST Access Success Detail | This report provides detailed information around access success for accounts within the Test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1538 | Data Processor | Access Success | No | All Log Sources |
SOX: TST Access Failure Detail | This report provides detailed information around access failures for accounts within the Test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1539 | Data Processor | Access Failure | Yes | All Log Sources |
SOX: TST Priv Acct Authentication Detail | This report provides detailed information around privileged account authentication successes and failures across Test environments (entity structure).
Augment: BAI03.07, BAI03.08, BAI07.04, BAI07.05 | 1540 | Data Processor | Authentication Failure, Authentication Success | Yes, No | All Log Sources |
SOX: Critical Environment Error Detail | This report provides details around critical or error messages received from Critical servers or systems (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1541 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: Production Environment Error Detail | This report provides details around critical or error messages received from Production servers or systems (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1542 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: Backup Failure/Error Detail | This report provides detail of critical and error messages received from backup software (log source list) across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07 | 1543 | Data Processor | Critical, Error | Yes | SOX: Backup Servers- Systems |
SOX: Backup Activity Detail | This report provides detail of activity from backup software (log source list) across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS04.07 | 1544 | Data Processor | Operations | Yes | SOX: Backup Servers- Systems |
SOX: FIM Activity Detail | This report provides detail of file integrity monitoring activity including adds, deletes, modifies, group changes, owner changes, and permissions. The File Integrity Monitoring log source can be established from LogRhythm's FIM or other FIM solutions.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.01, BAI04.03, BAI04.05, BAI07.06, BAI07.07, BAI07.08, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1545 | Data Processor | Operations : Access Success | Yes for FIM | SOX: File Integrity Monitors |
SOX: Config/Policy Change Detail | This report provides details of the occurrence of configuration or policy changes within Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1546 | Data Processor | Configuration, Policy | Yes | All Log Sources |
SOX: Windows Hosts Configuration Change Detail | This report provides detail of configuration changes and policy modifications on Windows hosts across critical and production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1547 | Platform Manager | Configuration | Yes | All Log Sources |
SOX: *NIX Hosts Configuration Change Detail | This report provides detail of configuration changes and policy modifications on production *NIX hosts across critical and production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1548 | Data Processor | Configuration | Yes | All Log Sources |
SOX: Patch Applied Detail | This report provides detail of applied patches grouped by Origin Host. It can demonstrate that all system components have the latest security patches installed.
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1549 | Data Processor | Operations : Information | Yes | All Log Sources |
SOX: Patch Failure Detail | This report provides detailed information around patch failure log messages received across Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1550 | Platform Manager | Operations : Information | Yes | All Log Sources |
SOX: Signature Update Detail | This report provides details on signature update activity across Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1551 | Data Processor | Operations : Information | Yes | All Log Sources |
SOX: Signature Failure Detail | This report provides details of signature failure messages received from Critical and Production environments (entity structure).
Augment: BAI04.03, BAI06.01, BAI06.02, BAI10.02, BAI10.03, BAI10.04 | 1552 | Platform Manager | Operations : Information | Yes | All Log Sources |
SOX: Time Sync Error Detail | This report provides details of time sync errors occurring within Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: BAI04.04, BAI04.05, DSS01.01, DSS01.03, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1553 | Platform Manager | Operations : Warning | Yes | All Log Sources |
SOX: LogRhythm Silent Log Source Error Detail | This report provides detailed information when a LogRhythm Log Source has not received logs during the defined error period, for critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: BAI04.01, BAI04.03, BAI04.04, BAI04.05, BAI07.06, BAI07.07, BAI07.08, BAI10.02, BAI10.03, BAI10.04, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1554 | Platform Manager | Critical, Error | Yes | All Log Sources |
SOX: Malware Detected Detail | This report provides detail of malware activity by entity and impacted host within the organization's Critical and Production environments.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1555 | Platform Manager | Malware, Failed Malware | Yes | SOX: Malware Prevention Systems |
SOX: Vulnerability Detected Detail | This report provides detail of potential vulnerabilities detected across the Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1556 | Platform Manager | Vulnerability, Suspicious, Failed Suspicious | Yes | SOX: Network Security Systems |
SOX: Attack Detected Detail | This report provides detailed information on suspected attacks at the boundary including the type of attack and impacted (targeted) host and application (if applicable). This spans across critical and production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1557 | Platform Manager | Security : Activity, Attack, Compromise, Denial Of Service, Failed Activity, Failed Attack, Failed Denial of Service, Failed Misuse, Misuse, Reconnaissance | Yes | SOX: Network Security Systems |
SOX: Rogue Access Point Detail | This report provides detail of all detected rogue wireless access points by Impacted Host across Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.07 | 1558 | Platform Manager | Security : Suspicious | Yes | SOX: Network Security Systems |
SOX: Data Loss Prevention Detail | This report provides detailed information regarding data loss prevention activities identified through configured AIE rules.
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS05.01
Augment: APO01.03, APO01.06, BAI04.03, DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05, DSS05.02, DSS05.03, DSS05.06, DSS05.07, DSS06.06 | 1559 | Platform Manager | Operations : Information Security : Compromise | Yes | All Log Sources |
SOX: Usage Auditing Event Detail | This report provides details of usage by user.
Direct: DSS05.01
Augment: APO07.05, DSS02.01, DSS05.04, DSS05.07, DSS06.03 | 1560 | Platform Manager | Audit | No | All Log Sources |
SOX: System Startup And Shutdown Detail | This report provides details of system startup/shutdown activity by impacted host within the organization's Critical and Production environments (entity structure).
Direct: DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06
Augment: DSS01.01, DSS02.01, DSS02.07, DSS03.01, DSS03.02, DSS03.03, DSS03.04, DSS03.05 | 1561 | Data Processor | Operations | No | All Log Sources |
Reporting Packages
Reporting Package | Description |
---|---|
SOX: Weekly Change Control Reporting Package | This reporting package includes summary reports to assist with audit requests around change control procedures and is run on a weekly basis. |
SOX: Weekly UAM Reporting Package | This reporting package includes summary reports to assist with audit requests around user access management, account usage auditing, and/or access provisioning or deprovisioning. This reporting package is run on a weekly basis. |
SOX: Daily IT Ops Reporting Package | This reporting package includes summary reports to assist with IT operations and is run on a daily basis. |
SOX: Daily IT Security Report Package | This reporting package includes summary reports to assist with IT security activities and is run on a daily basis. |
SOX: Monthly Executive Reporting Package | This reporting package includes log summary reports that give high-level overviews of critical SOX activities within the environment. This package should be tailored to a Director- or Executive-level audience. It is configured to run on a monthly basis. |