Compliance Reports: Report Dependencies for the NWDB Reports

Document created by RSA Information Design and Development on May 25, 2016
Last modified by RSA Information Design and Development on Jun 18, 2018
Version 153

This article introduces dependencies for using the Core Compliance Reports that run against the NetWitness Database (NWDB) and tells you how to implement the reports with the dependencies.

The following table provides the report rules, lists, and application rules required when using the different Core Compliance reports in Security Analytics.

                                                                                                                                                                                                                                      
| SA Report Template | Dependency: Report Rule | Dependency: List | Dependency: App Rule |
|---|---|---|---|
| Access to Compliance Data - Detail | Access to Compliance Data Details | Compliance\Compliance Data | Alm:cardholder-data |
| Access to Compliance Data - Top 25 | Access to Compliance Data Summary | | |
| Account Management | Accounts Modified, Accounts Deleted, Accounts Created | | |
| Accounts Created | Accounts Created | | Account:created |
| Accounts Deleted | Accounts Deleted | | Account:deleted |
| Accounts Disabled | Accounts Disabled | | account:account-disabled |
| Accounts Modified | Accounts Modified | | Account:modified |
| Admin Access to Compliance Systems - Detail | Admin Access to Compliance Systems Details | Logs\Administrative Users | account:logon-success |
| Admin Access to Compliance Systems - Top 25 | Admin Access to Compliance Systems Summary | Compliance\Compliance Systems | |
| Antivirus Signature Update | Antivirus Signature Update | | Av:signature-update |
| Change in Audit Settings | Change in Audit Settings | | config:change-audit-setting |
| Encryption Failures | Encryption Failures | | encryption:failures |
| Escalation of Privileges - Detail | Successful Escalation of Privileges Details | | access:privilege-escalation-success |
| Escalation of Privileges - Top 25 | Successful Escalation of Privileges Summary | | |
| Failed Escalation of Privileges - Detail | Failed Escalation of Privileges Details | | access:privilege-escalation-failure |
| Failed Escalation of Privileges - Top 25 | Failed Escalation of Privileges Summary | | |
| Failed Remote Access - Detail | Failed Remote Access Details | | access:remote-failure |
| Failed Remote Access - Top 25 | Failed Remote Access Summary | | |
| Firewall Configuration Changes | Firewall Configuration Changes | | config:fw-config-changes |
| Firmware Changes Wireless Devices | Firmware Changes on Wireless Devices | | config:firmware-config-changes |
| Group Management | Group Management | | account:group-management |
| Inbound Network Traffic - Top 25 | Inbound Network Traffic | | alm:inbound-network-traffic |
| Key Generation and Changes | Encryption Key Generation and Changes | | encryption:key-gen-and-changes |
| Logon Failures - Detail | Logon Failures Details | | account:logon-failure |
| Logon Failures - Top 25 | Logon Failures Summary | | |
| Outbound Network Traffic - Top 25 | Outbound Network Traffic | | alm:outbound-network-traffic |
| Password Changes - Detail | Password Changes | | account:password-change |
| Password Changes - Top 25 | Password Changes Summary | | |
| Router Configuration Changes | Router Configuration Changes | | config:router-change |
| Successful Remote Access - Detail | Successful Remote Access Details | | access:remote-success |
| Successful Remote Access - Top 25 | Successful Remote Access Summary | | |
| Successful Use of Encryption | Successful Use of Encryption | | encryption:success |
| System Clock Synchronization | System Clock Synchronization | | alm:system-clock-synch |
| User Access Revoked | User Access Revoked | | access:user-access-revoked |
| User Access to Compliance Systems - Detail | User Access to Compliance Systems Details | Logs\Administrative Users | account:logon-success |
| User Access to Compliance Systems - Top 25 | User Access to Compliance Systems Summary | Compliance\Compliance Systems | |
| User Session Terminated - Top 25 | User Session Terminated Summary | | Account:logout |