RSA Admin

RE: Compliance Reports in NWFL

Discussion created by RSA Admin Employee on Sep 19, 2012

We migrated the enVision Compliance reports over to Informer for use by NWFL customers; GLBA is included in those reports. You can check them out in Live by looking for the content type Informer Report and then using the Netwitness for Logs Tag to separate them from Nextgen reports. Here is the current list:

Account Management
Accounts Created
Accounts Deleted
Accounts Disabled
Accounts Modified
Antivirus Signature Update
Authentication Failures Details
Authentication Failures Top 25
Authentication Success Details
Authentication Success Top 25
Change in Audit Settings
Email Recipients Top 25
Email Senders Top 25
Encryption Failures
Escalation of Privileges Details
Escalation of Privileges Top 25
Failed Escalation of Privileges Details
Failed Escalation of Privileges Top 25
Failed Remote Access Details
Failed Remote Access Top 25
Firewall Configuration Changes
Firewall Event Categories Top 25
Firmware Changes Wireless Devices
Firmware Configuration Changes
GLBA Accounts Created
GLBA Accounts Modified
GLBA Antivirus Signature Update
GLBA Change in Audit Settings
GLBA Encryption Failures
GLBA Failed Remote Access Details
GLBA Failed Remote Access Top 25
GLBA Group Management
GLBA Inbound Network Traffic
GLBA Outbound Network Traffic
GLBA Password Changes Details
GLBA Password Changes Top 25
GLBA Successful Remote Access Details
GLBA Successful Remote Access Top 25
GLBA Successful Use of Encryption
GLBA User Access Revoked
GLBA User Account Management
GPG13 Access Audited Data Details
GPG13 Access Audited Data Top 25
GPG13 Accounts Created
GPG13 Accounts Deleted
GPG13 Accounts Modified
GPG13 Admin Access GPG13 Systems Details
GPG13 Admin Access GPG13 Systems Top 25
GPG13 Admin Access Systems Details
GPG13 Escalation of Privileges
GPG13 Failed Remote Access Details
GPG13 Firewall Configuration Changes
GPG13 Group Management
GPG13 Internal Network Traffic
GPG13 Logon Failures Details
GPG13 Logon Failures Top 25
GPG13 Perimeter Network Traffic Top 25
GPG13 Router Configuration Changes
GPG13 Successful Remote Access
GPG13 System Clock Synchronization
GPG13 User Access GPG13 Systems Details
GPG13 User Access GPG13 Systems Top 25
Group Management
HIPAA Access ePHI Data Details
HIPAA Access ePHI Data Top 25
HIPAA Accounts Created
HIPAA Accounts Deleted
HIPAA Accounts Modified
HIPAA Admin Access HIPAA Systems Details
HIPAA Admin Access HIPAA Systems Top 25
HIPAA Change in Audit Settings
HIPAA Escalation of Privileges
HIPAA Group Management
HIPAA Logon Failures Details
HIPAA Logon Failures Top 25
HIPAA Password Changes
HIPAA User Access HIPAA Systems Details
HIPAA User Access HIPPA Systems Top 25
HIPAA User Access Revoked
HIPAA User Management
Inbound Network Traffic Top 25
Intrusion Alarm Categories Top 25
Intrusion Alarm Destinations Top 25
Intrusion Alarm Levels Top 25
Intrusion Alarm Sources Top 25
Intrusion Alarms by Name and Level
Intrusion Alarms Top 25
Intrusion All Activity
Key Generation and Changes
Logoff Activity Top 25
Logon Failures Details
Logon Failures Top 25
Mailserver Error Conditions
Malware Detection Details
Malware Detection Top 25
Malware Disposition Top 25
NERC Access Cyber Asset Info Details
NERC Access Cyber Asset Info Top 25
NERC Accounts Created
NERC Accounts Deleted
NERC Accounts Modified
NERC Admin Access Cyber Assets Details
NERC Admin Access Cyber Assets Top 25
NERC Antivirus Signature Update
NERC Escalation of Privileges
NERC Failed Remote Access Details
NERC Failed Remote Access Top 25
NERC Firewall Configuration Changes
NERC Firmware Changes Wireless Devices
NERC Group Management
NERC Logon Failures Details
NERC Logon Failures Top 25
NERC Router Configuration Changes
NERC Successful Remote Access Details
NERC Successful Remote Access Top 25
NERC User Access Cyber Asset Top 25
NERC User Access Cyber Assets Details
NERC User Access Revoked
Outbound Files
Outbound Network Traffic Top 25
Password Changes
PCI Access Card holder Data Details
PCI Access Card holder Data Top 25
PCI Accounts Created
PCI Accounts Deleted
PCI Accounts Modified
PCI Admin Access PCI Systems Details
PCI Admin Access PCI Systems Top 25
PCI Antivirus Signature Update
PCI Change in Audit Settings
PCI Encryption Failures
PCI Escalation of Privileges
PCI Firewall Configuration Changes
PCI Firmware changes Wireless Devices
PCI Group Management
PCI Inbound Network Traffic
PCI Key Generation and Changes
PCI Logon Failures Details
PCI Logon Failures Top 25
PCI Outbound Network Traffic
PCI Password Changes
PCI Router Configuration Changes
PCI System Clock Synchronization
PCI User Access PCI Systems Details
PCI User Access PCI Systems Top 25
PCI User Access Revoked
PCI User Account Management
PCI User Session Terminated Top 25
Rogue AP Detection
Router Configuration Changes
SOX Accounts Created
SOX Accounts Deleted
SOX Accounts Modified
SOX Admin Access SOX Systems Details
SOX Admin Access SOX Systems Top 25
SOX Change in Audit Settings
SOX Financial Data Access Details
SOX Financial Data Access Top 25
SOX Group Management
SOX Logon Failures Details
SOX Logon Failures Top 25
SOX Password Changes
SOX User Access Revoked
SOX User Access SOX Systems Details
SOX User Access to SOX Systems Top 25
SOX User Account Management
SSAE16 Accounts Created
SSAE16 Accounts Deleted
SSAE16 Accounts Modified
SSAE16 Admin Access SSAE Systems Details
SSAE16 Admin Access SSAE Systems Top 25
SSAE16 Change in Audit Settings
SSAE16 Financial Data Access Details
SSAE16 Financial Data Access Top 25
SSAE16 Group Management
SSAE16 Logon Failures Details
SSAE16 Logon Failures Top 25
SSAE16 Password Changes
SSAE16 User Access Revoked
SSAE16 User Access SSAE Systems Details
SSAE16 User Access SSAE Systems Top 25
SSAE16 User Account Management
Successful Logons Direct Access
Successful Remote Access Details
Successful Remote Access Top 25
Successful Use of Encryption
System Clock Synchronization
System Configuration Changes
Total Connections by HTTP Status Code
Traffic to Non-Standard Ports
URL Blocked
URL Filetypes
User Access Revoked
User Session Terminated Top 25
Vulnerability Scanner Events
Wireless Admin Operations
