SOX User Guide – Reports and Reporting Packages
Reports
SOX reporting is broken into summary and detailed reports in order to present various audiences with appropriate forensic log data and audit requests. Summary reports provide a higher level of information that may be appropriate for some audit and management requests. On the other hand, detailed reports provide additional information and in some reports, raw log data, to facilitate IT Security and Operations.
User Access Management & Account Activity
With a large emphasis on User Access Management (UAM) and account monitoring, the associated reports and user lists are designed to augment and extend the capabilities in this area. Summary reports can provide audit evidence as well as supplemental evidence to facilitate UAM activities. User Lists were designed off common account groupings (privileged accounts, vendor accounts, business user accounts, IT accounts, etc.) and can easily be integrated with existing periodic reviews through the use of Active Directory Sync.
Executive Summary Reports
Various reports are designed to provide a particular audience with necessary forensic data to analyze and use to make strategic decisions in the pursuit of SOX compliance. With this concept in mind, the ‘Top’ reports assist in prioritizing at-risk items or areas of non-compliance in a summary overview. The approach streamlines the information delivery to those executives who may leverage the data for strategic decisions.
These reports are preconfigured to be included within the SOX: Monthly Executive Reporting Package.
Log Requirements
To utilize the summary and detailed reports related to UAM and account monitoring, the organization should try to leverage existing technologies and UAM processes. Access management or provisioning solutions, such as Windows Active Directory, should be included as log sources for this module and respective reports.
‘Top’ executive reports are designed to run against the in-scope SOX environment. With that said, the organization should look to leverage past audit results, risk-based assessments, and Governance, Risk, and Control (GRC) resources. These resources will help translate the audit’s scope into the functionality of the compliance module.
Knowledge Base Content
ID | Name |
|---|---|
1408 | SOX: Account Created Summary |
1491 | SOX: Priv Acct Auth Failure Detail |
1502 | SOX: Vendor Acct UAM Detail |
1409 | SOX: Top Applications Experiencing Errors Summary |
1412 | SOX: Top Attacker Summary |
1415 | SOX: Top Targeted Application Summary |
Actions
User Lists can be integrated with existing periodic reviews to ensure updates are reflected for more accurate account monitoring and reporting. Audit requests can be addressed through the use of the UAM reports for various user groups (lists). The organization should try to integrate existing UAM and account monitoring activities already in place to further augment related SOX control objectives.
The SOX: Monthly Executive Reporting Package comes pre-configured to include seven (7) ‘Top’ summary reports, but this reporting package can be customized to include additional forensic data requested by management or executive teams. Refer to the SOX Compliance Automation Suite Deployment Guide for detailed instructions.
Reporting Packages
Reporting packages can be easily created or adjusted by a LogRhythm Admin to provide desired content for auditors, executive management, or other individuals requiring output for assessment. Within the SOX module, there are five (5) reporting packages that can be adjusted according to audit and organizational needs. Below are some examples:
Report Package Name | Report Package Description | Report Package ID |
|---|---|---|
SOX: Weekly Change Control Reporting Package | This package includes summary reports to assist with audit requests around change control procedures. This package is run on a weekly basis. | 64 |
SOX: Weekly UAM Reporting Package | This package includes summary reports to assist with audit requests around user access management, account usage auditing, and/or access provisioning or de-provisioning. This package is run on a weekly basis. | 65 |
SOX: Daily IT Ops Reporting Package | This package includes summary reports to assist with IT operations. This package is run on a daily basis. | 66 |
SOX: Daily IT Security Report Package | This package includes summary reports to assist with IT security activities. This package is run on a daily basis. | 67 |
SOX: Monthly Executive Reporting Package | This package includes log summary reports to depict high-level overviews of critical SOX activities within the environment. This package should be catered to a Director or Executive level audience. This package is run on a monthly basis. | 68 |
To create a new Reporting Package to be used at your discretion:
- Within your deployment, navigate to the Report Center.
- Click the Reporting Packages tab.
- In the Select Reports window, select the SOX reports you want included in this reporting package, and then click Next.
In the Override Log Source Criteria window, click Next.
Do NOT override log source criteria.- In the Configuration window, select the frequency and time frame in which you want the reporting package produced.
- Right-click in the report packages grid, and then click New Report Package.
- Configure additional settings according to the methods of delivery of report outputs you want, and then click Next.
- Type a name and description for the new SOX reporting package, and then click OK to save.
