Standard Views
The following standard views are supplied by default with Event Manager.
Event Management Views
There are two Event Management Views supplied with Event Manager. These views are designed to provide quick access to events that need reviewing by the appropriate security personnel. Both these rules are designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), International Organization of Standards (ISO) and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) regulations.
All open events
This view shows all open events that need to be reviewed by an appropriate security administrator.
New and My Pending Events
This view shows a list of all the events that should be reviewed by a specific user or that are currently unassigned.
GDPR Views
There are two GDPR Views supplied with Event Manager. These views are designed to assist an organization to ensure it is meeting General Data Protection Regulation (GDPR) requirements for the protection of the personal data and privacy of EU citizens for transactions that occur within EU member states.
GDPR 5 (1.f) - Database Activity
This view provides a list of all changes to database tables, schemas and stored procedures, and of executed statements (insert, delete, update), on GDPR protected assets.
GDPR 5 (1.f) - User Activity
This view provides a list of all User logons, logoffs, and failed logons, as well as logon/logoff activity trends and the reason for failed logons on GDPR protected assets.
ISO 27001 Views
There is a single ISO 27001 View supplied with Event Manager. This view is designed to ensure that log information is protected so that it cannot be removed or modified by unauthorized persons. Generally, when an attacker gains unauthorized access to a system, they remove the information generated in the logs to erase evidence of the actions they carried out. Therefore, rules must be set that permit modification of these logs only by certain people, and the access control measures of the system should be fortified.
ISO27001 A.12.4.2 - Protection of Log information
This view provides a list of all the audit log modification and deletion events.
PCI Views
There are six PCI Views supplied with Event Manager. These views are designed to ensure compliance with certain regulations of the Payment Card Industry (PCI).
PCI DSS 10.2.4
This view provides a list of all Login Failure events. This reports any invalid logical logon attempts.
PCI DSS 10.2.5.b
This view provides a list of all privilege escalations, and the action taken. This reports the use of and changes to identification and authentication mechanisms (including but not limited to creation of new accounts and elevation of privileges) and all changes, additions, or deletions to accounts with root or administrative privileges.
PCI DSS 10.2.5.c
This view provides a list of any changes, additions, or deletions to any account by a root or administrator user. This reports the use of and changes to identification and authentication mechanisms (including but not limited to creation of new accounts and elevation of privileges) and all changes, additions, or deletions to accounts with root or administrative privileges.
PCI DSS 11.5.a
This view shows file integrity monitoring (FIM) events, satisfying the use of a change-detection mechanism required by PCI DSS 11.5.a. This reports any unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files. The requirement also calls for the software to be configured to perform critical file comparisons at least weekly.
PCI DSS 8.1.4
This view provides a list of all User Inactivity events. It is a requirement to remove/disable inactive user accounts within 90 days. Accounts that are not used regularly are often targets of attack since it is less likely that any changes (such as a changed password) will be noticed.
PCI DSS 8.1.6.a
This view proves that account lockouts are taking place on monitored devices. Repeated access attempts are prevented by locking out the user ID after not more than six attempts.
Regulacion BCRA Views
These seven views have been specifically created for the regulations required by the Banco Central De La República Argentina.
Please contact your local Event Manager representative if you need to apply any of these views.
SOX Views
There are three SOX views supplied with Event Manager. These views are designed to ensure compliance with certain regulations of the Sarbanes-Oxley Act, introduced in 2002 to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.
Section 302 A.4
This view provides a list of all User logons, logoffs, and failed logons, as well as logon/logoff activity trends and the reason for failed logons on SOX protected assets. Any user access to the system must be recorded and monitored for possible abuse.
Section 302 A.5
This view provides a list of all the audit log modification and deletion events. Logging facilities and log information must be protected against tampering and unauthorized access.
Section 302 A.6
This view provides a list of any changes, additions, or deletions to any account by a root or administrator user. Privileged user accounts and security configuration settings such as adding or removing a user account to an administrative group must be monitored.