Skip to main content
Skip table of contents

SOX User Guide – Reports and Reporting Packages


SOX reporting is broken into summary and detailed reports in order to present various audiences with appropriate forensic log data and audit requests. Summary reports provide a higher level of information that may be appropriate for some audit and management requests. On the other hand, detailed reports provide additional information and in some reports, raw log data, to facilitate IT Security and Operations.

User Access Management & Account Activity

With a large emphasis on User Access Management (UAM) and account monitoring, the associated reports and user lists are designed to augment and extend the capabilities in this area. Summary reports can provide audit evidence as well as supplemental evidence to facilitate UAM activities. User Lists were designed off common account groupings (privileged accounts, vendor accounts, business user accounts, IT accounts, etc.) and can easily be integrated with existing periodic reviews through the use of Active Directory Sync.

Executive Summary Reports

Various reports are designed to provide a particular audience with necessary forensic data to analyze and use to make strategic decisions in the pursuit of SOX compliance. With this concept in mind, the ‘Top’ reports assist in prioritizing at-risk items or areas of non-compliance in a summary overview. The approach streamlines the information delivery to those executives who may leverage the data for strategic decisions.

These reports are preconfigured to be included within the SOX: Monthly Executive Reporting Package.

Log Requirements

To utilize the summary and detailed reports related to UAM and account monitoring, the organization should try to leverage existing technologies and UAM processes. Access management or provisioning solutions, such as Windows Active Directory, should be included as log sources for this module and respective reports.

‘Top’ executive reports are designed to run against the in-scope SOX environment. With that said, the organization should look to leverage past audit results, risk-based assessments, and Governance, Risk, and Control (GRC) resources. These resources will help translate the audit’s scope into the functionality of the compliance module.

Knowledge Base Content




SOX: Account Created Summary


SOX: Priv Acct Auth Failure Detail


SOX: Vendor Acct UAM Detail


SOX: Top Applications Experiencing Errors Summary


SOX: Top Attacker Summary


SOX: Top Targeted Application Summary


User Lists can be integrated with existing periodic reviews to ensure updates are reflected for more accurate account monitoring and reporting. Audit requests can be addressed through the use of the UAM reports for various user groups (lists). The organization should try to integrate existing UAM and account monitoring activities already in place to further augment related SOX control objectives.

The SOX: Monthly Executive Reporting Package comes pre-configured to include seven (7) ‘Top’ summary reports, but this reporting package can be customized to include additional forensic data requested by management or executive teams. Refer to the SOX Compliance Automation Suite Deployment Guide for detailed instructions.

Reporting Packages

Reporting packages can be easily created or adjusted by a LogRhythm Admin to provide desired content for auditors, executive management, or other individuals requiring output for assessment. Within the SOX module, there are five (5) reporting packages that can be adjusted according to audit and organizational needs. Below are some examples:

Report Package Name

Report Package Description

Report Package ID

SOX: Weekly Change Control Reporting Package

This package includes summary reports to assist with audit requests around change control procedures. This package is run on a weekly basis.


SOX: Weekly UAM Reporting Package

This package includes summary reports to assist with audit requests around user access management, account usage auditing, and/or access provisioning or de-provisioning. This package is run on a weekly basis.


SOX: Daily IT Ops Reporting Package

This package includes summary reports to assist with IT operations. This package is run on a daily basis.


SOX: Daily IT Security Report Package

This package includes summary reports to assist with IT security activities. This package is run on a daily basis.


SOX: Monthly Executive Reporting Package

This package includes log summary reports to depict high-level overviews of critical SOX activities within the environment. This package should be catered to a Director or Executive level audience. This package is run on a monthly basis.


 To create a new Reporting Package to be used at your discretion:

  1. Within your deployment, navigate to the Report Center.
  2. Click the Reporting Packages tab.
  3. In the Select Reports window, select the SOX reports you want included in this reporting package, and then click Next.
  4. In the Override Log Source Criteria window, click Next.

    Do NOT override log source criteria.
  5. In the Configuration window, select the frequency and time frame in which you want the reporting package produced.
  6. Right-click in the report packages grid, and then click New Report Package.
  7. Configure additional settings according to the methods of delivery of report outputs you want, and then click Next.
  8. Type a name and description for the new SOX reporting package, and then click OK to save.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.