SOX reporting is broken into summary and detailed reports in order to present various audiences with appropriate forensic log data and audit requests. Summary reports provide a higher-level of information that may be appropriate for some audit and management requests. On the other hand, detailed reports provide additional information and in some reports, raw log data, to facilitate IT Security and Operations.
User Access Management & Account Activity
With a large emphasis on User Access Management (UAM) and account monitoring, the associated reports and user lists are designed to augment and extend the capabilities in this area. Summary reports can provide audit evidence as well as supplemental evidence to facilitate UAM activities. User Lists were designed off common account groupings (privileged accounts, vendor accounts, business user accounts, IT accounts, etc.) and can easily be integrated with existing periodic reviews through the use of Active Directory Sync.
Executive Summary Reports
Various reports are designed to provide a particular audience with necessary forensic data to analyze and use to make strategic decisions in the pursuit of SOX compliance. With this concept in mind, the ‘Top’ reports assist in prioritizing at-risk items or areas of non-compliance in a summary overview. The approach streamlines the information delivery to those executives who may leverage the data for strategic decisions.
These reports are preconfigured to be included within the SOX: Monthly Executive Reporting Package.
To utilize the summary and detailed reports related to UAM and account monitoring, the organization should try to leverage existing technologies and UAM processes. Access management or provisioning solutions, such as Windows Active Directory, should be included as log sources for this module and respective reports.
‘Top’ executive reports are designed to run against the in-scope SOX environment. With that said, the organization should look to leverage past audit results, risk-based assessments, and Governance, Risk, and Control (GRC) resources. These resources will help translate the audit’s scope into the functionality of the compliance module.
Knowledge Base Content
SOX: Account Created Summary
SOX: Priv Acct Auth Failure Detail
SOX: Vendor Acct UAM Detail
SOX: Top Applications Experiencing Errors Summary
SOX: Top Attacker Summary
SOX: Top Targeted Application Summary
User Lists can be integrated with existing periodic reviews to ensure updates are reflected for more accurate account monitoring and reporting. Audit requests can be addressed through the use of the UAM reports for various user groups (lists). The organization should try to integrate existing UAM and account monitoring activities already in place to further augment related SOX control objectives.
The SOX: Monthly Executive Reporting Package comes pre-configured to include seven (7) ‘Top’ summary reports, but this reporting package can be customized to include additional forensic data requested by management or executive teams. Refer to the SOX Compliance Automation Suite Deployment Guide for detailed instructions.
Reporting packages can be easily created or adjusted by a LogRhythm Admin to provide desired content for auditors, executive management, or other individuals requiring output for assessment. Within the SOX module there are five (5) reporting packages that can be adjusted according to audit and organizational needs. Below are some examples:
Report Package Name
Report Package Description
Report Package ID
SOX: Weekly Change Control Reporting Package
This package includes summary reports to assist with audit requests around change control procedures. This package is run on a weekly basis.
SOX: Weekly UAM Reporting Package
This package includes summary reports to assist with audit requests around user access management, account usage auditing, and/or access provisioning or de-provisioning. This package is run on a weekly basis.
SOX: Daily IT Ops Reporting Package
This package includes summary reports to assist with IT operations. This package is run on a daily basis.
SOX: Daily IT Security Report Package
This package includes summary reports to assist with IT security activities. This package is run on a daily basis.
SOX: Monthly Executive Reporting Package
This package includes log summary reports to depict high-level overviews of critical SOX activities within the environment. This package should be catered to a Director or Executive level audience. This package is run on a monthly basis.
To create a new Reporting Package to be used at your discretion:
- Within your deployment, navigate to the Report Center.
- Click the Reporting Packages tab.
- In the Select Reports window, select the SOX reports you want included in this reporting package, and then click Next.
In the Override Log Source Criteria window, click Next.Do NOT override log source criteria.
- In the Configuration window, select the frequency and time frame in which you want the reporting package produced.
- Right-click in the report packages grid, and then click New Report Package.
- Configure additional settings according to the methods of delivery of report outputs you want, and then click Next.
- Type a name and description for the new SOX reporting package, and then click OK to save.