LogLogic FISMA Compliance Suite Quick Start Guide v3.3
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.
TIBCO, Two-Second Advantage and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. and/or subsidiaries of TIBCO Software Inc. in the United States and/or other countries.
All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.
THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. PLEASE SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
Copyright © 2002-2012 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
Contents
Preface: About This Guide
  Technical Support Information
  Documentation Support Information
  Contact Information
  Conventions
Chapter 1: LogLogic Reports and Alerts for FISMA
  LogLogic Reports for FISMA
  LogLogic Alerts for FISMA
  LogLogic Reports and Alerts Quick Reference
FISMA Compliance Suite Quick Start Guide 3
PREFACE :
About This Guide
The LogLogic FISMA Compliance Suite Guidebook provides introduction and overview information regarding the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology’s (NIST) standards and security procedures. It also covers topics related to managing LogLogic’s FISMA compliance reports, alerts, and using log data collected and aggregated from all types of source systems to monitor and report on FISMA compliance.
Technical Support Information
LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Compliance Suites.
To reach the LogLogic Support team by telephone:
Toll Free—1-800-957-LOGS
Local—1-408-834-7480
EMEA— +44 1480 479391
Email: [email protected]
Support Website: http://loglogic.com/contact/customer-support
When contacting LogLogic Support, be prepared to provide the following information:
Your name, email address, phone number, and fax number
Your company name and company address
Your appliance model and release version
Serial number located on the back of the Appliance or the eth0 MAC address
A description of the problem and the content of pertinent error messages (if any)
Documentation Support Information
The LogLogic documentation includes Portable Document Format (PDF) files. To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at http://www.adobe.com.
Contact Information
Your feedback on the LogLogic documentation is important to us. If you have questions or comments, send email to [email protected]. In your email message, please indicate the software name and version you are using, as well as the title and document release date of your documentation. Your comments will be reviewed and addressed by the LogLogic Technical Publications team.
Conventions
The LogLogic documentation uses the following conventions to distinguish text and information that might require special attention.
Caution: Highlights important situations that could potentially damage data or cause system failure.
IMPORTANT! Highlights key considerations to keep in mind.
Note: Provides additional information that is useful but not always essential or highlights guidelines and helpful hints.
This guide also uses the following typographic conventions to highlight code and command line elements:
Monospace is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as file names, directories, paths, and URLs).
Monospace bold is used to distinguish system prompts or screen output from user responses, as in this example:
username: system
home directory: home\app
Monospace italic is used for placeholders, which are general names that you replace with names specific to your site, as in this example:
LogLogic_home_directory\upgrade\
Straight brackets signal options in command line syntax.
ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path ...]
CHAPTER 1:
LogLogic Reports and Alerts for FISMA
This chapter provides a detailed listing of all FISMA specifications with their corresponding LogLogic compliance suite reports and/or alerts.
LogLogic Reports for FISMA
LogLogic Alerts for FISMA
LogLogic Reports and Alerts Quick Reference
LogLogic Reports for FISMA
The following table lists the reports included in the LogLogic Compliance Suite: FISMA Edition.
# LogLogic Report Description
1 FISMA: Accepted VPN Connections - RADIUS
Displays all users connected to the internal network through the RADIUS VPN
2 FISMA: Account Activities on UNIX Servers Displays all accounts activities on UNIX servers to ensure authorized and appropriate access.
3 FISMA: Account Activities on Windows Servers
Displays all accounts activities on Windows servers to ensure authorized and appropriate access.
4 FISMA: Accounts Changed on Sidewinder Displays all accounts changed on Sidewinder to ensure authorized and appropriate access.
5 FISMA: Accounts Changed on NetApp Filer Displays all accounts changed on NetApp Filer to ensure authorized and appropriate access.
6 FISMA: Accounts Changed on TIBCO Administrator
Displays all accounts changed on TIBCO Administrator to ensure authorized and appropriate access.
7 FISMA: Accounts Created on NetApp Filer Displays all accounts created on NetApp Filer to ensure authorized and appropriate access.
8 FISMA: Accounts Created on NetApp Filer Audit
Displays all accounts created on NetApp Filer Audit to ensure authorized and appropriate access.
9 FISMA: Accounts Created on Sidewinder Displays all accounts created on Sidewinder to ensure authorized and appropriate access.
10 FISMA: Accounts Created on Symantec Endpoint Protection
Displays all accounts created on Symantec Endpoint Protection to ensure authorized and appropriate access.
11 FISMA: Accounts Created on TIBCO Administrator
Displays all accounts created on TIBCO Administrator to ensure authorized and appropriate access.
12 FISMA: Accounts Created on UNIX Servers Displays all accounts created on UNIX servers to ensure authorized and appropriate access.
13 FISMA: Accounts Created on Windows Servers
Displays all accounts created on Windows servers to ensure authorized and appropriate access.
14 FISMA: Accounts Deleted on Sidewinder Displays all accounts deleted on Sidewinder to ensure authorized and appropriate access.
15 FISMA: Accounts Deleted on NetApp Filer Displays all accounts deleted on NetApp Filer to ensure authorized and appropriate access.
FISMA Compliance Suite Quick Start Guide 7
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
16 FISMA: Accounts Deleted on NetApp Filer Audit
Displays all accounts deleted on NetApp Filer Audit to ensure authorized and appropriate access.
17 FISMA: Accounts Deleted on Symantec Endpoint Protection
Displays all accounts deleted on Symantec Endpoint Protection to ensure authorized and appropriate access.
18 FISMA: Accounts Deleted on TIBCO Administrator
Displays all accounts deleted on TIBCO Administrator to ensure authorized and appropriate access.
19 FISMA: Accounts Deleted on UNIX Servers Displays all accounts deleted on UNIX servers to ensure authorized and appropriate access.
20 FISMA: Accounts Deleted on Windows Servers
Displays all accounts deleted on Windows servers to ensure authorized and appropriate access.
21 FISMA: Active Directory System Changes Displays changes made within Active Directory.
22 FISMA: Administrators Activities on Servers
Displays the latest activities performed by administrators and root users to ensure appropriate access.
23 FISMA: Applications Under Attack Displays all applications under attack as well as the attack signatures.
24 FISMA: Applications Under Attack - Cisco IOS
Displays all applications under attack as well as the attack signatures by Cisco IOS.
25 FISMA: Applications Under Attack - ISS SiteProtector
Displays all applications under attack as well as the attack signatures by ISS SiteProtector.
26 FISMA: Applications Under Attack - SiteProtector
Displays all applications under attack as well as the attack signatures by SiteProtector.
27 FISMA: Attack Origins Displays the sources that have initiated the most attacks.
28 FISMA: Attack Origins - Cisco IOS Displays the sources that have initiated the most attacks by Cisco IOS.
29 FISMA: Attack Origins - ISS SiteProtector Displays the sources that have initiated the most attacks by ISS SiteProtector.
30 FISMA: Attack Origins - SiteProtector Displays the sources that have initiated the most attacks by SiteProtector.
31 FISMA: Attacks Detected Displays all IDS attacks detected to servers and applications.
32 FISMA: Attacks Detected - Cisco IOS Displays all IDS attacks detected to servers and applications by Cisco IOS.
33 FISMA: Attacks Detected - ISS SiteProtector Displays all IDS attacks detected to servers and applications by ISS SiteProtector.
34 FISMA: Attacks Detected - SiteProtector Displays all IDS attacks detected to servers and applications by SiteProtector.
35 FISMA: Check Point Configuration Changes Displays all Check Point audit events related to configuration changes.
36 FISMA: Check Point Management Station Login
Displays all login events into the Check Point Management Station.
37 FISMA: Check Point Object Activity Displays all creation, deletion, and modification of Check Point objects.
38 FISMA: Cisco ESA: Attacks by Event ID Displays Cisco ESA attacks by Event ID.
39 FISMA: Cisco ESA: Attacks Detected Displays attacks detected by Cisco ESA.
40 FISMA: Cisco ESA: Attacks by Threat Name Displays Cisco ESA attacks by threat name.
41 FISMA: Cisco ESA: Scans Scans using Cisco ESA
42 FISMA: Cisco ESA: Updated Updates to Cisco ESA.
43 FISMA: Cisco ISE, ACS Accounts Created Displays all accounts created on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access.
44 FISMA: Cisco ISE, ACS Accounts Removed Displays all accounts removed on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access.
45 FISMA: Cisco ISE, ACS Configuration Changes
Displays Cisco ISE and Cisco SecureACS configuration changes.
# LogLogic Report Description
8 FISMA Compliance Suite Quick Start Guide
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
46 FISMA: Cisco ISE, ACS Password Changes Displays all password change activities on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access.
47 FISMA: Cisco Line Protocol Status Changes Displays all Cisco line protocol up and down events.
48 FISMA: Cisco Link Status Changes Displays all Cisco link up and down events.
49 FISMA: Cisco Peer Reset/Reload Displays all Cisco Peer reset and reload events.
50 FISMA: Cisco Peer Supervisor Status Changes
Displays all Cisco Peer Supervisor status changes.
51 FISMA: Cisco PIX, ASA, FWSM Failover Disabled
Displays all logs related to disabling Cisco PIX, ASA, and FWSM failover capability.
52 FISMA: Cisco PIX, ASA, FWSM Failover Performed
Displays all logs related to performing a Cisco PIX, ASA, and FWSM failover.
53 FISMA: Cisco PIX, ASA, FWSM Policy Changed
Displays all configuration changes made to the Cisco PIX, ASA, and FWSM devices.
54 FISMA: Cisco PIX, ASA, FWSM Restarted Displays all Cisco PIX, ASA, or FWSM restart activities to detect unusual activities.
55 FISMA: Cisco PIX, ASA, FWSM Routing Failure
Displays all Cisco PIX, ASA, and FWSM routing error messages.
56 FISMA: Cisco Redundancy Version Check Failed
Displays all Cisco redundancy version check failures.
57 FISMA: Cisco Switch Policy Changes Displays all configuration changes to the Cisco router and switch policies.
58 FISMA: Cisco System Restarted Displays all Cisco System restart events.
59 FISMA: DB2 Database Backup Failed Displays all IBM DB2 Database Server backup failures.
60 FISMA: DB2 Database Failed Logins Displays all failed login attempts to review any access violations or unusual activity.
61 FISMA: DB2 Database Logins Displays DB2 database logins.
62 FISMA: DB2 Database Restore Failed Displays all IBM DB2 Database restore failure events.
63 FISMA: DB2 Database Stop and Start Events Displays DB2 database events related to starting and stopping the database.
64 FISMA: Denied VPN Connections - RADIUS
Displays all users denied access to the internal network by the RADIUS VPN.
65 FISMA: DHCP Granted/Renewed Activities on Microsoft DHCP
Displays all DHCP Granted/Renewed activities on Microsoft DHCP Server.
66 FISMA: DHCP Granted/Renewed Activities on VMware vShield
Displays all DHCP Granted/Renewed activities on VMware vShield Edge.
67 FISMA: DNS Server Error Displays all events when DNS Server has errors.
68 FISMA: Domain Activities on Symantec Endpoint Protection
Display all domain activities on Symantec Endpoint Protection.
69 FISMA: Escalated Privilege Activities on Servers
Displays all privilege escalation activities performed on servers to ensure appropriate access.
70 FISMA: ESX Accounts Activities Displays all accounts activities on VMware ESX servers to ensure authorized and appropriate access.
71 FISMA: ESX Accounts Created Displays all accounts created on VMware ESX servers to ensure authorized and appropriate access.
72 FISMA: ESX Accounts Deleted Displays all accounts deleted on VMware ESX servers to ensure authorized and appropriate access.
73 FISMA: ESX Failed Logins Failed VMware ESX logins for known user.
# LogLogic Report Description
FISMA Compliance Suite Quick Start Guide 9
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
74 FISMA: ESX Group Activities Displays all group activities on VMware ESX servers to ensure authorized and appropriate access.
75 FISMA: ESX Kernel log daemon terminating Displays all VMware ESX Kernel log daemon terminating.
76 FISMA: ESX Kernel logging Stop Displays all VMware ESX Kernel logging stops.
77 FISMA: ESX Logins Failed Unknown User Failed VMware ESX logins for unknown user.
78 FISMA: ESX Logins Succeeded Displays successful logins to VMware ESX to ensure only authorized personnel have access.
79 FISMA: ESX Syslogd Restart Displays all VMware ESX syslogd restarts.
80 FISMA: F5 BIG-IP TMOS Login Failed Displays all F5 BIG-IP TMOS Login events which have failed.
81 FISMA: F5 BIG-IP TMOS Login Successful Displays all F5 BIG-IP TMOS Login events which have succeeded.
82 FISMA: F5 BIG-IP TMOS Password Changes
Displays all password change activities on F5 BIG-IP TMOS to ensure authorized and appropriate access.
83 FISMA: F5 BIG-IP TMOS Restarted Displays all events when the F5 BIG-IP TMOS has been restarted.
84 FISMA: Files Accessed on NetApp Filer Audit
Displays all files accessed on NetApp Filer Audit to ensure appropriate access.
85 FISMA: Files Accessed on Servers Displays all files accessed on servers to ensure appropriate access.
86 FISMA: Files Accessed through Juniper SSL VPN (Secure Access)
Displays all files accessed through Juniper SSL VPN (Secure Access).
87 FISMA: Firewall Connections Accepted - Check Point
Displays all traffic passing through the Check Point firewall.
88 FISMA: Firewall Connections Accepted - Cisco ASA
Displays all traffic passing through the Cisco ASA firewall.
89 FISMA: Firewall Connections Accepted - Cisco FWSM
Displays all traffic passing through the Cisco FWSM firewall.
90 FISMA: Firewall Connections Accepted - Cisco IOS
Displays all traffic passing through the Cisco IOS firewall.
91 FISMA: Firewall Connections Accepted - Cisco Netflow
Displays all traffic passing through the Cisco Netflow.
92 FISMA: Firewall Connections Accepted - Cisco NXOS
Displays all traffic passing through the Cisco NXOS devices.
93 FISMA: Firewall Connections Accepted - Cisco PIX
Displays all traffic passing through the Cisco PIX firewall.
94 FISMA: Firewall Connections Accepted - F5 BIG-IP TMOS
Displays all traffic passing through the F5 BIG-IP TMOS device.
95 FISMA: Firewall Connections Accepted - Fortinet
Displays all traffic passing through the Fortinet firewall.
96 FISMA: Firewall Connections Accepted - Juniper Firewall
Displays all traffic passing through the Juniper Firewall.
97 FISMA: Firewall Connections Accepted - Juniper JunOS
Displays all traffic passing through the Juniper JunOS firewall.
98 FISMA: Firewall Connections Accepted - Juniper RT Flow
Displays all traffic passing through the Juniper RT Flow.
99 FISMA: Firewall Connections Accepted - Nortel
Displays all traffic passing through the Nortel firewall.
100 FISMA: Firewall Connections Accepted - PANOS
Displays all traffic passing through the Palo Alto Networks firewall.
# LogLogic Report Description
10 FISMA Compliance Suite Quick Start Guide
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
101 FISMA: Firewall Connections Accepted - Sidewinder
Displays all traffic passing through the Sidewinder firewall.
102 FISMA: Firewall Connections Accepted - VMware vShield
Displays all traffic passing through the VMware vShield device.
103 FISMA: Firewall Connections Denied - Check Point
Displays the traffic that has been denied access by the Check Point to review access violations.
104 FISMA: Firewall Connections Denied - Cisco ASA
Displays the applications that have been denied access the most by the Cisco ASA devices.
105 FISMA: Firewall Connections Denied - Cisco FWSM
Displays the applications that have been denied access the most by the Cisco FWSM devices.
106 FISMA: Firewall Connections Denied - Cisco IOS
Displays the traffic that has been denied access by the Cisco IOS to review access violations.
107 FISMA: Firewall Connections Denied - Cisco NXOS
Displays the applications that have been denied access the most by the Cisco NXOS to review access violations.
108 FISMA: Firewall Connections Denied - Cisco PIX
Displays the applications that have been denied access the most by the Cisco PIX devices.
109 FISMA: Firewall Connections Denied - Cisco Router
Displays the applications that have been denied access the most by the Cisco Router.
110 FISMA: Firewall Connections Denied - F5 BIG-IP TMOS
Displays the applications that have been denied access the most by the F5 BIG-IP TMOS .
111 FISMA: Firewall Connections Denied - Fort-inet
Displays the applications that have been denied access the most by the Fortinet devices.
112 FISMA: Firewall Connections Denied - Juni-per Firewall
Displays the applications that have been denied access the most by the Juniper firewalls.
113 FISMA: Firewall Connections Denied - Juni-per JunOS
Displays the applications that have been denied access the most by the Juniper JunOS.
114 FISMA: Firewall Connections Denied - Juni-per RT Flow
Displays the applications that have been denied access the most by the Juniper RT Flow.
115 FISMA: Firewall Connections Denied - Nortel
Displays the applications that have been denied access the most by the Nortel devices.
116 FISMA: Firewall Connections Denied - PANOS
Displays the applications that have been denied access the most by the Palo Alto Networks devices.
117 FISMA: Firewall Connections Denied - Sidewinder
Displays the applications that have been denied access the most by the Sidewinder to review access violations.
118 FISMA: Firewall Connections Denied - VMware vShield
Displays the applications that have been denied access the most by the VMware vShield.
119 FISMA: Firewall Traffic Considered Risky - Check Point
Displays Check Point allowed firewall traffic that is considered risky.
120 FISMA: Firewall Traffic Considered Risky - Cisco ASA
Displays Cisco ASA allowed firewall traffic that is considered risky.
121 FISMA: Firewall Traffic Considered Risky - Cisco FWSM
Displays Cisco FWSM allowed firewall traffic that is considered risky.
122 FISMA: Firewall Traffic Considered Risky - Cisco IOS
Displays Cisco IOS firewall traffic that is considered risky.
123 FISMA: Firewall Traffic Considered Risky - Cisco Netflow
Displays Cisco Netflow allowed firewall traffic that is considered risky.
124 FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
Displays F5 BIG-IP TMOS allowed firewall traffic that is considered risky.
# LogLogic Report Description
FISMA Compliance Suite Quick Start Guide 11
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
125 FISMA: Firewall Traffic Considered Risky - Cisco PIX
Displays Cisco PIX allowed firewall traffic that is considered risky.
126 FISMA: Firewall Traffic Considered Risky - Fortinet
Displays Fortinet allowed firewall traffic that is considered risky.
127 FISMA: Firewall Traffic Considered Risky - Juniper Firewall
Displays Juniper firewall allowed firewall traffic that is considered risky.
128 FISMA: Firewall Traffic Considered Risky - Juniper JunOS
Displays Juniper JunOS allowed firewall traffic that is considered risky.
129 FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
Displays Juniper RT Flow allowed firewall traffic that is considered risky.
130 FISMA: Firewall Traffic Considered Risky - Nortel
Displays Nortel allowed firewall traffic that is considered risky.
131 FISMA: Firewall Traffic Considered Risky - PANOS
Displays Palo Alto Networks allowed firewall traffic that is considered risky.
132 FISMA: Firewall Traffic Considered Risky - Sidewinder
Displays Sidewinder allowed firewall traffic that is considered risky.
133 FISMA: Firewall Traffic Considered Risky - VMware vShield
Displays VMware vShield Edge firewall traffic that is considered risky.
134 FISMA: FortiOS: Attacks by Event ID Displays FortiOS attacks by Event ID.
135 FISMA: FortiOS: Attacks by Threat Name Displays FortiOS attacks by threat name.
136 FISMA: FortiOS: Attacks Detected Displays attacks detected by FortiOS.
137 FISMA: FortiOS DLP Attacks Detected Display all DLP attacks detected by FortiOS.
138 FISMA: Guardium SQL Guard Audit Log-ins
Displays all login attempts to the Guardium SQL Server Audit database.
139 FISMA: Guardium SQL Guard Audit Startup or Shutdown
Displays all startup and shutdown events on Guardium SQL Audit Server.
140 FISMA: Guardium SQL Guard Logins Displays all login attempts to the Guardium SQL Server database.
141 FISMA: Guardium SQL Guard Startup or Shutdown
Displays all startup and shutdown events on Guardium SQL Server.
142 FISMA: Group Activities on NetApp Filer Audit
Displays all group activities on NetApp Filer Audit to ensure authorized and appropriate access.
143 FISMA: Group Activities on Symantec End-point Protection
Displays all group activities on Symantec Endpoint Protection to ensure authorized and appropriate access.
144 FISMA: Group Activities on UNIX Servers Displays all group activities on UNIX Servers to ensure authorized and appropriate access.
145 FISMA: Group Activities on Windows Serv-ers
Displays all group activities on Windows Servers to ensure authorized and appropriate access.
146 FISMA: i5/OS DST Password Reset Displays i5/OS events related to the reset of the DST (Dedicated Service Tools) password.
147 FISMA: i5/OS Files Accessed Lists all events when a user gains access an i5/OS file.
148 FISMA: i5/OS Network User Login Failed Lists all events when a network user was denied access into the i5/OS.
149 FISMA: i5/OS Network User Login Successful
LIsts all events when a network user successfully logs into the i5/OS.
150 FISMA: i5/OS Network User Profile Creation
Displays i5/OS events when a network user profile has been created.
151 FISMA: i5/OS Network User Profile Dele-tion
Displays i5/OS events when a network user profile has been deleted.
# LogLogic Report Description
12 FISMA Compliance Suite Quick Start Guide
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
152 FISMA: i5/OS Network User Profile Modified
Displays all permission modification activities on i5/OS to ensure autho-rized access.
153 FISMA: i5/OS Object Permissions Modified Displays all permission modification activities on i5/OS to ensure autho-rized access.
154 FISMA: i5/OS Restarted Lists all events when the i5/OS has been restarted.
155 FISMA: i5/OS Service Started Lists all events when a user starts a service on the i5/OS.
156 FISMA: i5/OS User Login Failed Lists all events when a user was denied access into the i5/OS.
157 FISMA: i5/OS User Login Successful Lists all events when a user successfully logs into the i5/OS.
158 FISMA: i5/OS User Profile Creation Displays i5/OS events when a user profile has been created.
159 FISMA: i5/OS User Profile Modifications Displays i5/OS events when a user profile has been modified.
160 FISMA: Juniper Firewall HA State Changed Displays state change in the Juniper Firewall HA Policy.
161 FISMA: Juniper Firewall Policy Changed Displays all configuration changes to the Juniper Firewall policies.
162 FISMA: Juniper Firewall Policy Out of Sync Displays events that indicate the Juniper Firewall’s HA policies are out of sync.
163 FISMA: Juniper Firewall Reset Accepted Displays events that indicate the Juniper Firewall has been reset to its fac-tory default state.
164 FISMA: Juniper Firewall Reset Imminent Displays events that indicate the Juniper Firewall will be reset to its fac-tory default state.
165 FISMA: Juniper Firewall Restarted Displays all Juniper Firewall restart events.
166 FISMA: Juniper SSL VPN (Secure Access) Failed Logins
Displays a report of all failed logins at the Juniper SSL VPN (Secure Access).
167 FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
Displays all failed Juniper SSL VPN (Secure Access) logins based on user.
168 FISMA: Juniper SSL VPN (Secure Access) Policy Changed
Displays all configuration changes to the Juniper SSL VPN (Secure Access) policies.
169 FISMA: Juniper SSL VPN (Secure Access) Successful Logins
Displays successful connections through the Juniper SSL VPN (Secure Access).
170 FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
Displays all successful Juniper SSL VPN (Secure Access) logins based on user.
171 FISMA: Juniper SSL VPN Failed Logins Displays a report of all failed logins at the Juniper SSL VPN.
172 FISMA: Juniper SSL VPN Failed Logins by User
Displays all failed logins per user at the Juniper SSL VPN.
173 FISMA: Juniper SSL VPN Successful Logins Displays successful connections through the Juniper SSL VPN.
174 FISMA: Juniper SSL VPN Successful Log-ins by User
Displays all successful logins per user at the Juniper SSL VPN.
175 FISMA: Failed Logins Displays all failed login attempts to review any access violations or unusual activity.
176 FISMA: Successful Logins Displays successful logins to ensure only authorized personnel have access.
177 FISMA: LogLogic Disk Full Displays events that indicate the LogLogic appliance’s disk is near full.
178 FISMA: LogLogic DSM Logins Displays all login attempts to the LogLogic DSM database.
179 FISMA: LogLogic DSM Startup or Shut-down
Displays all startup and shutdown events on LogLogic DSM database.
180 FISMA: LogLogic File Retrieval Errors Displays all errors while retrieving log files from devices, servers and applications.
181 FISMA: LogLogic HA State Changed Displays all LogLogic appliance failover state change events.
# LogLogic Report Description
FISMA Compliance Suite Quick Start Guide 13
LogLogic Reports and Alerts for FISMA : LogLogic Reports for FISMA
14 FISMA Compliance Suite Quick Start Guide
182 FISMA: LogLogic Message Routing Errors Displays all log forwarding errors on the LogLogic Appliance to ensure all logs are archived properly.
183 FISMA: LogLogic NTP Service Stopped Displays events that indicate the NTP engine on the LogLogic appliance has stopped.
184 FISMA: McAfee AntiVirus: Attacks by Event ID
Displays McAfee AntiVirus attacks by Event ID.
185 FISMA: McAfee AntiVirus: Attacks by Threat Name
Displays McAfee AntiVirus attacks by threat name.
186 FISMA: McAfee AntiVirus: Attacks Detected
Displays attacks detected by McAfee AntiVirus.
187 FISMA: Microsoft Operations Manager - Windows Accounts Activities
Displays all accounts activities on Windows servers to ensure authorized and appropriate access.
188 FISMA: Microsoft Operations Manager - Windows Accounts Created
Displays all accounts created on Windows servers to ensure authorized and appropriate access.
189 FISMA: Microsoft Operations Manager - Windows Accounts Enabled
Displays all accounts enabled on Windows servers to ensure authorized and appropriate access.
190 FISMA: Microsoft Operations Manager - Windows Events by Users
Displays a summary of access-related Windows events by source and tar-get users.
191 FISMA: Microsoft Operations Manager - Windows Password Changes
Displays all password change activities on Windows servers to ensure authorized and appropriate access.
192 FISMA: Microsoft Operations Manager - Windows Permissions Modified
Displays all permission modification activities on Windows servers to ensure authorized access.
193 FISMA: Microsoft Operations Manager - Windows Policies Modified
Displays all policy modification activities on Windows servers to ensure authorized and appropriate access.
194 FISMA: Microsoft Operations Manager - Windows Servers Restarted
Displays all Windows server restart activities to detect unusual activities.
195 FISMA: Microsoft Sharepoint Content Deleted
Displays all events when content has been deleted from Microsoft Sharepoint.
196 FISMA: Microsoft Sharepoint Content Updates
Displays all events when content is updated within Microsoft Sharepoint.
197 FISMA: Microsoft Sharepoint Permissions Changed
Displays all delete and update events to Microsoft Sharepoint user/group permissions.
198 FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
Displays all events when a Microsoft Sharepoint policy is added, removed, or modified.
199 FISMA: Microsoft SQL Server Database Failed Logins
Displays failed Microsoft SQL Server database logins.
200 FISMA: Microsoft SQL Server Database Logins
Displays logins to Microsoft SQL Server databases.
201 FISMA: Microsoft SQL Server Backup Failed
Displays all Microsoft SQL Server backup failures.
202 FISMA: Microsoft SQL Server Restore Failed
Displays all Microsoft SQL Server restore failure events.
203 FISMA: NetApp Filer Accounts Locked Displays all accounts locked out of NetApp Filer to detect access violations or unusual activities.
204 FISMA: NetApp Filer Audit Login Failed Displays all NetApp Filer Audit Login events which have failed.
205 FISMA: NetApp Filer Audit Login Successful
Displays all NetApp Filer Audit Login events which have succeeded.
206 FISMA: NetApp Filer Audit Logs Cleared Displays all audit logs clearing activities on NetApp Filer Audit to detect access violations or unusual activity.
207 FISMA: NetApp Filer Audit Policies Modified
Displays all policy modification activities on NetApp Filer Audit to ensure authorized and appropriate access.
208 FISMA: NetApp Filer Disk Failure Displays all disk failure events on the NetApp Filer servers.
209 FISMA: NetApp Filer Disk Missing Displays events that indicate disk missing on the NetApp Filer servers.
210 FISMA: NetApp Filer File activity Displays all file activities on NetApp Filer.
211 FISMA: NetApp Filer File System Full Displays events that indicate the NetApp Filer’s disk is near full.
212 FISMA: NetApp Filer Login Failed Displays all NetApp Filer Login events which have failed.
213 FISMA: NetApp Filer Login Successful Displays all NetApp Filer Login events which have succeeded.
214 FISMA: NetApp Filer Password Changes Displays all password change activities on NetApp Filer to ensure authorized and appropriate access.
215 FISMA: NetApp Filer Snapshot Error Displays events that indicate backup on the NetApp Filer has failed.
216 FISMA: NTP Clock Synchronized Displays events that indicate NTP has successfully synchronized the clock.
217 FISMA: NTP Daemon Exited Displays events that indicate the NTP service has stopped.
218 FISMA: NTP Server Unreachable Displays events that indicate the remote NTP server is not reachable.
219 FISMA: Oracle Database Logins Displays Oracle database logins.
220 FISMA: Oracle Database Shutdown Displays Oracle database events related to shutting down the server.
221 FISMA: Oracle Database Failed Logins Displays all failed login attempts to the Oracle database.
222 FISMA: PANOS: Attacks by Event ID Displays Palo Alto Networks attacks by Event ID.
223 FISMA: PANOS: Attacks by Threat Name Displays Palo Alto Networks attacks by threat name.
224 FISMA: PANOS: Attacks Detected Displays attacks detected by Palo Alto Networks.
225 FISMA: Password Changes on Windows Servers
Displays all password change activities on Windows servers to ensure authorized and appropriate access.
226 FISMA: Periodic Review of Log Reports Displays all review activities performed by administrators to ensure review for any access violations.
227 FISMA: Periodic Review of User Access Logs
Displays all review activities performed by administrators to ensure review for any access violations.
228 FISMA: Permissions Modified on Windows Servers
Displays all permission modification activities on Windows servers to ensure authorized access.
229 FISMA: Policies Modified on Windows Servers
Displays all policy modification activities on Windows servers to ensure authorized and appropriate access.
230 FISMA: RACF Accounts Created Displays all accounts created on RACF servers to ensure authorized and appropriate access.
231 FISMA: RACF Accounts Deleted Displays all accounts deleted on RACF servers to ensure authorized and appropriate access.
232 FISMA: RACF Accounts Modified Displays all events when a network user profile has been modified.
233 FISMA: RACF Failed Logins Displays all failed login attempts to review any access violations or unusual activity.
234 FISMA: RACF Files Accessed Displays all files accessed on RACF servers to ensure appropriate access.
235 FISMA: RACF Password Changed Displays all password change activities on RACF servers to ensure authorized and appropriate access.
236 FISMA: RACF Permissions Changed Displays all permission modification activities on RACF to ensure authorized access.
237 FISMA: RACF Process Started Displays all processes started on the RACF servers.
238 FISMA: RACF Successful Logins Displays successful logins to ensure only authorized personnel have access.
239 FISMA: Software Update Successes on i5/OS
Displays all successful events related to the system’s software or patch update.
240 FISMA: Sybase ASE Database Backup and Restoration
Displays Sybase ASE DUMP and LOAD events.
241 FISMA: Sybase ASE Database Startup or Shutdown
Displays all startup and shutdown events for the Sybase database.
242 FISMA: Sybase ASE Failed Logins Displays failed Sybase ASE database logins.
243 FISMA: Sybase ASE Successful Logins Displays successful Sybase ASE database logins.
244 FISMA: Symantec AntiVirus: Attacks by Threat Name
Displays Symantec AntiVirus attacks by threat name.
245 FISMA: Symantec AntiVirus: Attacks Detected
Displays attacks detected by Symantec AntiVirus.
246 FISMA: Symantec AntiVirus: Scans Displays scans using Symantec Endpoint Protection.
247 FISMA: Symantec AntiVirus: Updated Displays updates to Symantec Endpoint Protection.
248 FISMA: Symantec Endpoint Protection: Attacks by Threat Name
Displays Symantec Endpoint Protection attacks by threat name.
249 FISMA: Symantec Endpoint Protection: Attacks Detected
Displays attacks detected by Symantec Endpoint Protection.
250 FISMA: Symantec Endpoint Protection Configuration Changes
Displays Symantec Endpoint Protection configuration changes.
251 FISMA: Symantec Endpoint Protection Password Changes
Displays all password change activities on Symantec Endpoint Protection to ensure authorized and appropriate access.
252 FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
Displays all events when a Symantec Endpoint Protection policy is added, removed, or modified.
253 FISMA: Symantec Endpoint Protection: Scans
Displays scans using Symantec Endpoint Protection.
254 FISMA: Symantec Endpoint Protection: Updated
Updates to Symantec Endpoint Protection.
255 FISMA: System Restarted Displays all logs related to system restarts.
256 FISMA: TIBCO Administrator Password Changes
Displays all password change activities on TIBCO Administrator to ensure authorized and appropriate access.
257 FISMA: TIBCO Administrator Permission Changes
Displays events related to TIBCO Administrator permission modifications.
258 FISMA: TrendMicro Control Manager: Attacks Detected
Displays attacks detected by TrendMicro Control Manager.
259 FISMA: TrendMicro Control Manager: Attacks Detected by Threat
Displays attacks detected by TrendMicro Control Manager by threat name.
260 FISMA: TrendMicro OfficeScan: Attacks Detected
Displays attacks detected by TrendMicro OfficeScan.
261 FISMA: TrendMicro OfficeScan: Attacks Detected by Threat Name
Displays attacks detected by TrendMicro OfficeScan by threat name.
262 FISMA: UNIX Failed Logins Failed UNIX logins for known and unknown users.
263 FISMA: vCenter Change Attributes Modification of VMware vCenter and VMware ESX properties.
264 FISMA: vCenter Data Move Entity has been moved within the VMware vCenter infrastructure.
265 FISMA: vCenter Datastore Events Displays create, modify, and delete datastore events on VMware vCenter.
266 FISMA: vCenter Failed Logins Failed logins to the VMware vCenter console.
267 FISMA: vCenter Modify Firewall Policy Displays changes to the VMware ESX allowed services firewall policy.
268 FISMA: vCenter Orchestrator Change Attributes
Modification of VMware vCenter Orchestrator properties.
269 FISMA: vCenter Orchestrator Datastore Events
Displays create, modify, and delete datastore events on VMware vCenter Orchestrator.
270 FISMA: vCenter Orchestrator Data Move Entity has been moved within the VMware vCenter Orchestrator infrastructure.
271 FISMA: vCenter Orchestrator Failed Logins Displays all failed logins for VMware vCenter Orchestrator.
272 FISMA: vCenter Orchestrator Virtual Machine Created
Virtual machine has been created from VMware vCenter Orchestrator.
273 FISMA: vCenter Orchestrator Virtual Machine Deleted
Virtual machine has been deleted from VMware vCenter Orchestrator.
274 FISMA: vCenter Orchestrator Virtual Machine Shutdown
Virtual machine has been shutdown or paused from VMware vCenter Orchestrator console.
275 FISMA: vCenter Orchestrator Virtual Machine Started
Virtual machine has been started or resumed from VMware vCenter Orchestrator console.
276 FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
vSwitch has been added, modified or removed from VMware vCenter Orchestrator console.
277 FISMA: vCenter Resource Usage Change Resources have changed on VMware vCenter.
278 FISMA: vCenter Restart ESX Services VMware vCenter restarted services running on VMware ESX Server.
279 FISMA: vCenter Shutdown or Restart of ESX Server
VMware ESX Server is shutdown or restarted from VMware vCenter console.
280 FISMA: vCenter Successful Logins Successful logins to the VMware vCenter console.
281 FISMA: vCenter User Permission Change A permission role has been added, changed, removed, or applied to a user on VMware vCenter server.
282 FISMA: vCenter Virtual Machine Created Virtual machine has been created from VMware vCenter console.
283 FISMA: vCenter Virtual Machine Deleted Virtual machine has been deleted or removed from VMware vCenter console.
284 FISMA: vCenter Virtual Machine Shutdown Virtual machine has been shutdown or paused from VMware vCenter console.
285 FISMA: vCenter Virtual Machine Started Virtual machine has been started or resumed from VMware vCenter console.
286 FISMA: vCenter vSwitch Added, Changed or Removed
vSwitch on VMware ESX server has been added, modified or removed from the VMware vCenter console.
287 FISMA: vCloud Failed Logins Failed logins to the VMware vCloud Director console.
288 FISMA: vCloud Organization Created VMware vCloud Director organization created events.
289 FISMA: vCloud Organization Deleted VMware vCloud Director organization deleted events.
290 FISMA: vCloud Organization Modified VMware vCloud Director organization modified events.
291 FISMA: vCloud Successful Logins Successful logins to the VMware vCloud Director console.
292 FISMA: vCloud User Created VMware vCloud Director user created events.
293 FISMA: vCloud User Deleted or Removed VMware vCloud Director users have been deleted or removed from the system.
294 FISMA: vCloud vApp Created, Modified, or Deleted
VMware vCloud Director vApp created, deleted, and modified events.
295 FISMA: vCloud vDC Create, Modify, or Delete
VMware vCloud Director virtual datacenter created, modified, or deleted events.
296 FISMA: VPN Active Connections Displays all currently active VPN connections.
297 FISMA: VPN Connection Disconnect Reasons
Displays the disconnect reasons for VPN connections.
298 FISMA: VPN Connections by Users Displays users who made the most connections.
299 FISMA: VPN Denied Connections by Users Displays users with the most denied connections.
300 FISMA: VPN Sessions by Users Displays all VPN sessions categorized by authenticated users.
301 FISMA: VPN Users Accessing Corporate Network
Displays all users logging into the corporate network via Virtual Private Network to ensure appropriate access.
302 FISMA: vShield Edge Configuration Changes
Displays changes to VMware vShield Edge policies.
303 FISMA: Windows Accounts Enabled Displays all accounts enabled on Windows servers to ensure authorized and appropriate access.
304 FISMA: Windows Accounts Locked Displays all accounts locked out of Windows servers to detect access violations or unusual activities.
305 FISMA: Windows Audit Logs Cleared Displays all audit logs clearing activities on Windows servers to detect access violations or unusual activity.
306 FISMA: Windows Domain Activities Displays all trusted domains created or deleted on Windows servers to ensure authorized and appropriate access.
307 FISMA: Windows Events by Users Displays all Windows events summarized by user names.
308 FISMA: Windows Group Members Added Displays all accounts added to groups on the Windows servers to ensure appropriate access.
309 FISMA: Windows Group Members Deleted Displays all accounts removed from groups on the Windows servers to ensure appropriate access.
310 FISMA: Windows New Services Installed Displays a list of new services installed on Windows servers to ensure authorized access.
311 FISMA: Windows Programs Accessed Displays all programs started and stopped on servers to ensure appropriate access.
312 FISMA: Windows Servers Restarted Displays all Windows server restart activities to detect unusual activities.
313 FISMA: Windows Software Update Activities
Displays all events related to the system’s software or patch update.
314 FISMA: Windows Software Update Failures Displays all failed events related to the system’s software or patch update.
315 FISMA: Windows Software Update Successes
Displays all successful events related to the system’s software or patch update.
LogLogic Alerts for FISMA
The following table lists the alerts included in the LogLogic Compliance Suite: FISMA Edition.
# LogLogic Alert Description
1 FISMA: Accounts Created Alert when a new account is created on servers.
2 FISMA: Accounts Deleted Alert when an account is deleted on servers.
3 FISMA: Accounts Enabled Alert when an account has been enabled on servers.
4 FISMA: Accounts Locked Alert when an account has been locked on servers.
5 FISMA: Accounts Modified Alert when an account is modified on servers.
6 FISMA: Active Directory Changes Alert when changes are made within Active Directory.
7 FISMA: Anomalous Firewall Traffic Alert when firewall traffic patterns are out of the norm.
8 FISMA: Anomalous IDS Alerts Alert when IDS anomalies are above or below defined thresholds.
9 FISMA: Check Point Policy Changed Alert when a Check Point firewall’s policy has been modified.
10 FISMA: Cisco ISE, ACS Configuration Changed
Alert when configuration changes are made to the Cisco ISE or Cisco SecureACS.
11 FISMA: Cisco ISE, ACS Passwords Changed
Alert when a user changes their password via Cisco ISE and Cisco SecureACS.
12 FISMA: Cisco PIX, ASA, FWSM Failover Disabled
Alert when a Cisco PIX, ASA, or FWSM HA configuration is disabled.
13 FISMA: Cisco PIX, ASA, FWSM Failover Errors
Alert when an error has occurred during PIX, ASA, or FWSM failover.
14 FISMA: Cisco PIX, ASA, FWSM Failover Performed
Alert when a failover has occurred on the Cisco PIX, ASA, or FWSM devices.
15 FISMA: Cisco PIX, ASA, FWSM Policy Changed
Alert when a Cisco PIX, ASA, or FWSM firewall policy has been modified.
16 FISMA: Cisco PIX, ASA, FWSM Routing Failure
Alert when routing failure occurred in the Cisco PIX, ASA, or FWSM devices.
17 FISMA: Cisco Switch Policy Changed Alert when Cisco router or switch configuration has been modified.
18 FISMA: DB2 Database Backup Failed Alert when a DB2 database backup fails.
19 FISMA: DB2 Database Restore Failed Alert when a database restore fails on a DB2 database.
20 FISMA: DB2 Database Started or Stopped Alert when a DB2 database is started or stopped.
21 FISMA: DNS Server Shutdown Alert when DNS Server has been shutdown.
22 FISMA: DNS Server Started Alert when DNS Server has been started.
23 FISMA: Escalated Privileges Alert when a user or program has escalated privileges.
24 FISMA: F5 BIG-IP TMOS Risky Traffic F5 BIG-IP TMOS traffic considered risky.
25 FISMA: Firewall Traffic Considered Risky Alert on non HTTP, SSL, or SSH traffic passing through the firewall.
26 FISMA: Group Members Added Alert when new members are added to user groups.
27 FISMA: Group Members Deleted Alert when members are removed from user groups.
28 FISMA: Groups Created Alert when new user groups are created.
29 FISMA: Groups Deleted Alert when a user group is deleted.
30 FISMA: Groups Modified Alert when a user group has been modified.
31 FISMA: Guardium SQL Guard Logins Alert when a user logs into the Guardium SQL Database.
32 FISMA: Guardium SQL Guard Startup or Shutdown
Alert when the Guardium SQL Database is started or stopped.
33 FISMA: i5/OS Network Profile Changes Alerts when any changes are made to an i5/OS network profile.
34 FISMA: i5/OS Permission or Policy Change Alerts when policies or permissions are changed on the i5/OS.
35 FISMA: i5/OS Server or Service Status Change
Alerts when the i5/OS is restarted or a service stops or starts.
36 FISMA: i5/OS Software Updates Alert on events related to i5/OS software updates.
37 FISMA: i5/OS User Profile Changes Alerts when a user profile is changed on the i5/OS.
38 FISMA: IBM AIX Password Changed Alert when an account password is changed on IBM AIX servers.
39 FISMA: Juniper Firewall HA State Change Alert when Juniper Firewall has changed its failover state.
40 FISMA: Juniper Firewall Peer Missing Alert when a Juniper Firewall HA peer is missing.
41 FISMA: Juniper Firewall Policy Changes Alert when Juniper Firewall configuration is changed.
42 FISMA: Juniper Firewall Policy Out of Sync Alert when the Juniper Firewall’s policy is out of sync.
43 FISMA: Juniper VPN Policy Change Alert when Juniper VPN configuration is changed.
44 FISMA: Logins Failed Alert when login failures are over the defined threshold.
45 FISMA: Logins Succeeded Alert when successful logins are over the defined threshold.
46 FISMA: LogLogic Disk Full Alert when the LogLogic appliance’s disk is near full.
47 FISMA: LogLogic DSM Logins Alert when a user logs into the LogLogic DSM database.
48 FISMA: LogLogic DSM Startup or Shutdown
Alert when the LogLogic DSM database is started or stopped.
49 FISMA: LogLogic File Retrieval Errors Alert when problems are detected during log file retrieval.
50 FISMA: LogLogic HA State Change Alert when the LogLogic appliance failover state changes.
51 FISMA: LogLogic Message Routing Errors Alert when problems are detected during message forwarding.
52 FISMA: LogLogic NTP Service Stopped Alert when the LogLogic NTP engine has stopped.
53 FISMA: Microsoft Operations Manager - Permissions Changed
Alert when user or group permissions have been changed.
54 FISMA: Microsoft Operations Manager - Windows Passwords Changed
Alert when users have changed their passwords.
55 FISMA: Microsoft Operations Manager - Windows Policies Changed
Alert when Windows policies changed.
56 FISMA: Microsoft Sharepoint Content Deleted
Alerts on Microsoft Sharepoint content deleted events.
57 FISMA: Microsoft Sharepoint Content Updated
Alerts on Microsoft Sharepoint content updated events.
58 FISMA: Microsoft Sharepoint Permission Changed
Alerts on Microsoft Sharepoint permission changed events.
59 FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
Alerts on Microsoft Sharepoint policy additions, deletions, and modifications.
60 FISMA: Microsoft SQL Server Backup Failed
Alert when Microsoft SQL Server backup process has failed.
61 FISMA: Microsoft SQL Server Restore Failed
Alert when Microsoft SQL Server restore process has failed.
62 FISMA: Microsoft SQL Server Shutdown Alert when Microsoft SQL Server has been shutdown.
63 FISMA: NetApp Authentication Failure Alerts when NetApp authentication failure events occur.
64 FISMA: NetApp Filer Audit Policies Changed
Alert when NetApp Filer Audit policies changed.
65 FISMA: NetApp Filer Disk Failure Disks are failing on the NetApp Filer device.
66 FISMA: NetApp Filer Disk Inserted Alert when a disk is inserted into the NetApp Filer.
67 FISMA: NetApp Filer Disk Missing Disk is missing on the NetApp Filer device.
68 FISMA: NetApp Filer Disk Pulled Alert when a RAID disk has been pulled from the Filer device.
69 FISMA: NetApp Filer File System Full Alert when the file system is full on the NetApp Filer device.
70 FISMA: NetApp Filer Snapshot Error The NetApp Filer device is experiencing backup problems.
71 FISMA: NetApp Filer NIS Group Update Alert when the NIS group has been updated on the Filer device.
72 FISMA: NetApp Filer Unauthorized Mounting
Alert when an unauthorised mount event occurs.
73 FISMA: NTP Daemon Exited Alert when the NTP service has stopped.
74 FISMA: NTP Server Unreachable Alert when the remote NTP server is unreachable.
75 FISMA: Oracle Database Shutdown Alerts when an Oracle database is shutdown.
76 FISMA: RACF Files Accessed Alert when files are accessed on the RACF servers.
77 FISMA: RACF Passwords Changed Alert when users have changed their passwords.
78 FISMA: RACF Permissions Changed Alert when user or group permissions have been changed.
79 FISMA: RACF Process Started Alert whenever a process is run on a RACF server.
80 FISMA: Sybase ASE Database Backed Up or Restored
Alerts on backup and restore events to the Sybase ASE Database.
81 FISMA: Sybase ASE Database Started Alerts on Sybase ASE Database start events.
82 FISMA: Sybase ASE Database Stopped Alerts on Sybase ASE Database stop events.
83 FISMA: Symantec Endpoint Protection Configuration Changed
Alert when configuration changes are made to the Symantec Endpoint Protection.
84 FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
Alerts on Symantec Endpoint Protection additions, deletions, and modifications.
85 FISMA: System Restarted Alert when systems such as routers and switches have restarted.
86 FISMA: vCenter Create Virtual Machine Virtual machine has been created from VMware vCenter console.
87 FISMA: vCenter Data Move Entity has been moved within the VMware vCenter infrastructure.
88 FISMA: vCenter Datastore Event Displays create, modify, and delete datastore events on VMware vCenter.
89 FISMA: vCenter Delete Virtual Machine Virtual machine has been deleted or removed from VMware vCenter console.
90 FISMA: vCenter Firewall Policy Change Displays changes to the VMware ESX allowed services firewall policy.
91 FISMA: vCenter Orchestrator Create Virtual Machine
Virtual machine has been created from VMware vCenter Orchestrator console.
92 FISMA: vCenter Orchestrator Data Move Entity has been moved within the VMware vCenter Orchestrator infrastructure.
93 FISMA: vCenter Orchestrator Datastore Events
Displays create, modify, and delete datastore events on VMware vCenter Orchestrator.
94 FISMA: vCenter Orchestrator Delete Virtual Machine
Virtual machine has been deleted or removed from VMware vCenter Orchestrator console.
95 FISMA: vCenter Orchestrator Login Failed Failed logins to the VMware vCenter Orchestrator console.
96 FISMA: vCenter Orchestrator Virtual Machine Shutdown
Virtual machine has been shutdown or paused from VMware vCenter Orchestrator console.
97 FISMA: vCenter Orchestrator Virtual Machine Started
Virtual machine has been started or resumed from VMware vCenter Orchestrator console.
98 FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
vSwitch on VMware ESX server has been added, modified or removed from vCenter Orchestrator.
99 FISMA: vCenter Permission Change A permission role has been added, changed, removed, or applied on VMware vCenter.
100 FISMA: vCenter Restart ESX Services VMware vCenter restarted services running on VMware ESX Server.
101 FISMA: vCenter Shutdown or Restart ESX VMware ESX Server is shutdown from vCenter console.
102 FISMA: vCenter User Login Failed Failed logins to the VMware vCenter console.
103 FISMA: vCenter User Login Successful Successful logins to the VMware vCenter console.
104 FISMA: vCenter Virtual Machine Shutdown Virtual machine has been shutdown or paused from VMware vCenter console.
105 FISMA: vCenter Virtual Machine Started Virtual machine has been started or resumed from VMware vCenter console.
106 FISMA: vCenter vSwitch Add, Modify or Delete
Alert when vSwitch on VMware ESX server has been added, modified or removed from vCenter.
107 FISMA: vCloud Director Login Failed Failed logins to the VMware vCloud Director console.
108 FISMA: vCloud Director Login Success Successful logins to the VMware vCloud Director console.
109 FISMA: vCloud Organization Created Organization successfully created on VMware vCloud Director.
110 FISMA: vCloud Organization Deleted Organization successfully deleted on VMware vCloud Director.
111 FISMA: vCloud Organization Modified Organization successfully modified on VMware vCloud Director.
112 FISMA: vCloud User Created User successfully created on VMware vCloud Director.
113 FISMA: vCloud User, Group, or Role Modified
VMware vCloud Director user, group, or role has been modified.
114 FISMA: vCloud vApp Created, Deleted, or Modified
VMware vCloud Director vApp has been created, deleted, or modified.
115 FISMA: vCloud vDC Created, Modified, or Deleted
VMware vCloud Director Virtual Datacenters have been created, deleted, or modified.
116 FISMA: vShield Edge Configuration Change
Alerts on configuration changes to VMware vShield Edge policies.
117 FISMA: vShield Risky Traffic VMware vShield Edge traffic considered risky.
118 FISMA: Windows Audit Log Cleared Alert when audit logs on Windows servers have been cleared.
119 FISMA: Windows Files Accessed Show files accessed on the Windows servers.
120 FISMA: Windows Objects Create/Delete Alert when system level objects have been created or deleted.
121 FISMA: Windows Passwords Changed Alert when users have changed their passwords.
122 FISMA: Windows Permissions Changed Alert when user or group permissions have been changed.
123 FISMA: Windows Policies Changed Alert when Windows policies changed.
124 FISMA: Windows Process Started Displays all processes started on Windows servers.
125 FISMA: Windows Programs Accessed Programs started on the Windows servers.
126 FISMA: Windows Server Restarted Alert when a Windows server has been restarted.
127 FISMA: Windows Software Updates Alert on events related to Windows software updates.
128 FISMA: Windows Software Updates Failed Alert on failed events related to software updates.
129 FISMA: Windows Software Updates Succeeded
Alert for successful events related to the software updates.
LogLogic Reports and Alerts Quick Reference
The following table lists the reports and alerts included in the LogLogic Compliance Suite for FISMA.
Section Description LogLogic Reports and Alerts
Access Control
AC-2 Account Management Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: Cisco ISE, ACS Password Changes
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Failed Logins
FISMA: ESX Group Activities
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Failed Logins
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Object Permissions Modified
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: NetApp Filer Password Changes
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Failed Logins
FISMA: RACF Password Changed
FISMA: RACF Permissions Changed
FISMA: RACF Successful Logins
FISMA: Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: Symantec Endpoint Protection Password Changes
FISMA: TIBCO Administrator Password Changes
FISMA: TIBCO Administrator Permission Changes
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
FISMA: Password Changes on Windows Servers
FISMA: Permissions Modified on Windows Servers
FISMA: Policies Modified on Windows Servers
AC-2 Account Management Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Cisco ISE, ACS Passwords Changed
FISMA: Escalated Privileges
FISMA: Groups Created
FISMA: Groups Deleted
FISMA: Groups Modified
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: IBM AIX Password Changed
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Operations Manager - Windows Passwords Changed
FISMA: Microsoft Operations Manager - Windows Policies Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: NetApp Authentication Failure
FISMA: RACF Passwords Changed
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
FISMA: Windows Passwords Changed
FISMA: Windows Permissions Changed
FISMA: Windows Policies Changed
Access Control
AC-3 Access Enforcement Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco PIX, ASA, FWSM Policy Changes
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changes
FISMA: Firewall Traffic Considered Risky - Cisco PIX
FISMA: Firewall Traffic Considered Risky - Juniper Firewall
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Check Point
FISMA: Firewall Traffic Considered Risky - Cisco ASA
FISMA: Firewall Traffic Considered Risky - Cisco FWSM
FISMA: Firewall Traffic Considered Risky - Cisco IOS
FISMA: Firewall Traffic Considered Risky - Cisco Netflow
FISMA: Firewall Traffic Considered Risky - Fortinet
FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
FISMA: Firewall Traffic Considered Risky - Nortel
FISMA: Firewall Traffic Considered Risky - PANOS
FISMA: Firewall Traffic Considered Risky - Sidewinder
FISMA: Firewall Traffic Considered Risky - VMware vShield
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: NetApp Filer Audit Policies Modified
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vShield Edge Configuration Changes
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changes
FISMA: F5 BIG-IP TMOS Risky Traffic
FISMA: Firewall Traffic Considered Risky
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper VPN Policy Change
FISMA: NetApp Filer Audit Policies Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add Modify or Delete
FISMA: vShield Edge Configuration Change
FISMA: vShield Risky Traffic
AC-4 Information Flow Enforcement
Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco Line Protocol Status Changes
FISMA: Cisco Link Status Changes
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changes
FISMA: Firewall Connections Accepted - Check Point
FISMA: Firewall Connections Accepted - Cisco ASA
FISMA: Firewall Connections Accepted - Cisco FWSM
FISMA: Firewall Connections Accepted - Cisco IOS
FISMA: Firewall Connections Accepted - Cisco Netflow
FISMA: Firewall Connections Accepted - Cisco NXOS
FISMA: Firewall Connections Accepted - Cisco PIX
FISMA: Firewall Connections Accepted - F5 BIG-IP TMOS
FISMA: Firewall Connections Accepted - Fortinet
FISMA: Firewall Connections Accepted - Juniper Firewall
FISMA: Firewall Connections Accepted - Juniper JunOS
FISMA: Firewall Connections Accepted - Juniper RT Flow
FISMA: Firewall Connections Accepted - Nortel
FISMA: Firewall Connections Accepted - PANOS
FISMA: Firewall Connections Accepted - Sidewinder
FISMA: Firewall Connections Accepted - VMware vShield
FISMA: Firewall Connections Denied - Check Point
FISMA: Firewall Connections Denied - Cisco ASA
FISMA: Firewall Connections Denied - Cisco FWSM
FISMA: Firewall Connections Denied - Cisco IOS
FISMA: Firewall Connections Denied - Cisco NXOS
FISMA: Firewall Connections Denied - Cisco PIX
FISMA: Firewall Connections Denied - Cisco Router
FISMA: Firewall Connections Denied - F5 BIG-IP TMOS
FISMA: Firewall Connections Denied - Fortinet
FISMA: Firewall Connections Denied - Juniper Firewall
FISMA: Firewall Connections Denied - Juniper JunOS
FISMA: Firewall Connections Denied - Juniper RT Flow
FISMA: Firewall Connections Denied - Nortel
FISMA: Firewall Connections Denied - PANOS
FISMA: Firewall Connections Denied - Sidewinder
FISMA: Firewall Connections Denied - VMware vShield
FISMA: Firewall Traffic Considered Risky - Cisco IOS
FISMA: Firewall Traffic Considered Risky - Cisco Netflow
FISMA: Firewall Traffic Considered Risky - Cisco PIX
FISMA: Firewall Traffic Considered Risky - Juniper Firewall
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Check Point
FISMA: Firewall Traffic Considered Risky - Cisco ASA
FISMA: Firewall Traffic Considered Risky - Cisco FWSM
FISMA: Firewall Traffic Considered Risky - Fortinet
FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
FISMA: Firewall Traffic Considered Risky - Nortel
FISMA: Firewall Traffic Considered Risky - PANOS
FISMA: Firewall Traffic Considered Risky - Sidewinder
FISMA: Firewall Traffic Considered Risky - VMware vShield
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: NetApp Filer Audit Policies Modified
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vShield Edge Configuration Changes
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Anomalous Firewall Traffic
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changed
FISMA: F5 BIG-IP TMOS Risky Traffic
FISMA: Firewall Traffic Considered Risky
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper VPN Policy Change
FISMA: NetApp Filer Audit Policies Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vShield Edge Configuration Change
FISMA: vShield Risky Traffic
AC-5 Separation of Duties Compliance Suite Reports
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: Cisco ISE, ACS Password Changes
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Object Permissions Modified
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
FISMA: NetApp Filer Password Changes
FISMA: RACF Password Changed
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Password Changes
FISMA: TIBCO Administrator Password Changes
FISMA: TIBCO Administrator Permission Changes
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
FISMA: Password Changes on Windows Servers
FISMA: Permissions Modified on Windows Servers
FISMA: Policies Modified on Windows Servers
AC-5 Separation of Duties Compliance Suite Alerts
FISMA: Anomalous Firewall Traffic
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Cisco ISE, ACS Passwords Changed
FISMA: Escalated Privileges
FISMA: Group Members Added
FISMA: Groups Created
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: IBM AIX Password Changed
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Operations Manager - Windows Passwords Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: RACF Passwords Changed
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: Windows Objects Create/Delete
FISMA: Windows Passwords Changed
FISMA: Windows Permissions Changed
AC-6 Least Privilege Compliance Suite Reports
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: DB2 Database Logins
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Group Activities
FISMA: ESX Logins Succeeded
FISMA: Files Accessed on NetApp Filer Audit
FISMA: Files Accessed on Servers
FISMA: Files Accessed through Juniper SSL VPN (Secure Access)
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS Files Accessed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Modified
FISMA: i5/OS Service Started
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Modifications
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Sharepoint Content Deleted
FISMA: Microsoft Sharepoint Content Updates
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer File activity
FISMA: Oracle Database Logins
FISMA: RACF Accounts Modified
FISMA: RACF Files Accessed
FISMA: RACF Process Started
FISMA: RACF Successful Logins
FISMA: Sybase ASE Successful Logins
FISMA: vCenter Data Move
FISMA: vCenter Datastore Events
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Datastore Events
FISMA: vCenter Orchestrator Data Move
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCenter User Permission Change
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Programs Accessed
AC-6 Least Privilege Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Accounts Modified
FISMA: Escalated Privileges
FISMA: Groups Created
FISMA: Groups Deleted
FISMA: Groups Modified
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Sharepoint Content Deleted
FISMA: Microsoft Sharepoint Content Updated
FISMA: NetApp Authentication Failure
FISMA: NetApp Filer NIS Group Update
FISMA: RACF Files Accessed
FISMA: RACF Process Started
FISMA: vCenter Data Move
FISMA: vCenter Datastore Event
FISMA: vCenter Orchestrator Data Move
FISMA: vCenter Orchestrator Datastore Event
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter Permission Change
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: vCloud User, Group, or Role Modified
FISMA: Windows Files Accessed
FISMA: Windows Objects Create/Delete
FISMA: Windows Programs Accessed
AC-7 Unsuccessful Login Attempts Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Check Point Management Station Login
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Failed Logins
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Failed Logins
FISMA: RACF Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: VPN Users Accessing Corporate Network
Compliance Suite Alerts
FISMA: Guardium SQL Guard Logins
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: NetApp Authentication Failure
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCenter Orchestrator Login Failed
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
AC-12 Session Termination Compliance Suite Reports
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Escalated Privilege Activities on Servers
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Events by Users
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Policy Add, Delete, or Modify
FISMA: Policies Modified on Windows Servers
FISMA: Windows Events by Users
Compliance Suite Alerts
FISMA: Escalated Privileges
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: Microsoft Operations Manager - Windows Policies Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: Windows Policies Changed
AC-13 Supervision and Review – Access Control
Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: Cisco ISE, ACS Password Changes
FISMA: Check Point Management Station Login
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Failed Logins
FISMA: ESX Group Activities
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Failed Logins
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Object Permissions Modified
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: NetApp Filer Password Changes
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Failed Logins
FISMA: RACF Password Changed
FISMA: RACF Permissions Changed
FISMA: RACF Successful Logins
FISMA: Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: Symantec Endpoint Protection Password Changes
FISMA: TIBCO Administrator Password Changes
FISMA: TIBCO Administrator Permission Changes
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
FISMA: Password Changes on Windows Servers
FISMA: Permissions Modified on Windows Servers
FISMA: Policies Modified on Windows Servers
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Cisco ISE, ACS Passwords Changed
FISMA: Escalated Privileges
FISMA: Groups Created
FISMA: Groups Deleted
FISMA: Groups Modified
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: IBM AIX Password Changed
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Operations Manager - Windows Passwords Changed
FISMA: Microsoft Operations Manager - Windows Policies Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: NetApp Authentication Failure
FISMA: NetApp Filer Unauthorized Mounting
FISMA: RACF Passwords Changed
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
FISMA: Windows Passwords Changed
FISMA: Windows Permissions Changed
FISMA: Windows Policies Changed
AC-17 Remote Access Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Check Point Management Station Login
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Successful
FISMA: VPN Active Connections
FISMA: VPN Connection Disconnect Reasons
FISMA: VPN Connections by Users
FISMA: VPN Denied Connections by Users
FISMA: VPN Sessions by Users
FISMA: VPN Users Accessing Corporate Network
Compliance Suite Alerts
FISMA: Logins Succeeded
FISMA: Logins Failed
AC-18 Wireless Access Restrictions
Audit and Accountability
AU-2 Auditable Events Compliance Suite Reports
FISMA: LogLogic Disk Full
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: NetApp Filer Audit Logs Cleared
FISMA: Windows Audit Logs Cleared
Compliance Suite Alerts
FISMA: LogLogic Disk Full
FISMA: LogLogic Message Routing Errors
FISMA: LogLogic File Retrieval Errors
FISMA: Windows Audit Log Cleared
AU-3 Content of Audit Records
AU-4 Audit Storage Capacity
AU-5 Audit Processing
AU-6 Audit Monitoring, Analysis, and Reporting
AU-7 Audit Reduction and Report Generation
Compliance Suite Reports
FISMA: DNS Server Error
FISMA: LogLogic Disk Full
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: Periodic Review of Log Reports
FISMA: Periodic Review of User Access Logs
FISMA: NetApp Filer Audit Logs Cleared
FISMA: Windows Audit Logs Cleared
Compliance Suite Alerts
FISMA: LogLogic Disk Full
FISMA: LogLogic Message Routing Errors
FISMA: LogLogic File Retrieval Errors
FISMA: Windows Audit Log Cleared
AU-8 Time Stamps Compliance Suite Reports
FISMA: LogLogic NTP Service Stopped
FISMA: NTP Clock Synchronized
FISMA: NTP Daemon Exited
FISMA: NTP Server Unreachable
Compliance Suite Alerts
FISMA: LogLogic NTP Service Stopped
FISMA: NTP Daemon Exited
FISMA: NTP Server Unreachable
AU-9 Protection of Audit Information
Compliance Suite Reports
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: Periodic Review of Log Reports
FISMA: Periodic Review of User Access Logs
FISMA: NetApp Filer Audit Logs Cleared
FISMA: Windows Audit Logs Cleared
Compliance Suite Alerts
FISMA: LogLogic Disk Full
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: Windows Audit Log Cleared
AU-11 Audit Retention Compliance Suite Reports
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
Compliance Suite Alerts
FISMA: LogLogic Disk Full
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
Certification, Accreditation, and Security Assessments
CA-3 Information System Connections
Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changes
FISMA: DNS Server Error
FISMA: ESX Kernel log daemon terminating
FISMA: ESX Kernel logging Stop
FISMA: ESX Syslogd Restart
FISMA: Firewall Traffic Considered Risky - Cisco IOS
FISMA: Firewall Traffic Considered Risky - Cisco Netflow
FISMA: Firewall Traffic Considered Risky - Cisco PIX
FISMA: Firewall Traffic Considered Risky - Juniper Firewall
FISMA: Firewall Traffic Considered Risky - Check Point
FISMA: Firewall Traffic Considered Risky - Cisco ASA
FISMA: Firewall Traffic Considered Risky - Cisco FWSM
FISMA: Firewall Traffic Considered Risky - Fortinet
FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
FISMA: Firewall Traffic Considered Risky - Nortel
FISMA: Firewall Traffic Considered Risky - PANOS
FISMA: Firewall Traffic Considered Risky - Sidewinder
FISMA: Firewall Traffic Considered Risky - VMware vShield
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: NetApp Filer Audit Policies Modified
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vShield Edge Configuration Changes
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Check Point Configuration Changes
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changed
FISMA: F5 BIG-IP TMOS Risky Traffic
FISMA: Firewall Traffic Considered Risky
FISMA: i5/OS Server or Service Status Change
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper VPN Policy Change
FISMA: NetApp Filer Audit Policies Changed
FISMA: NetApp Filer Disk Inserted
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add Modify or Delete
FISMA: vShield Edge Configuration Change
FISMA: vShield Risky Traffic
FISMA: Windows Process Started
CA-7 Continuous Monitoring
Compliance Suite Reports
FISMA: DNS Server Error
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: NetApp Filer Audit Logs Cleared
FISMA: Periodic Review of Log Reports
FISMA: Periodic Review of User Access Logs
FISMA: Windows Audit Logs Cleared
Compliance Suite Alerts
FISMA: LogLogic Disk Full
FISMA: LogLogic File Retrieval Errors
FISMA: LogLogic Message Routing Errors
FISMA: Windows Audit Log Cleared
Configuration Management
CM-3 Configuration Change Control
Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ESA: Updated
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changes
FISMA: Cisco System Restarted
FISMA: DB2 Database Stop and Start Events
FISMA: F5 BIG-IP TMOS Restarted
FISMA: Guardium SQL Guard Audit Startup or Shutdown
FISMA: Guardium SQL Guard Startup or Shutdown
FISMA: i5/OS Restarted
FISMA: Juniper Firewall HA State Changed
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper Firewall Restarted
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: LogLogic DSM Startup or Shutdown
FISMA: NetApp Filer Audit Policies Modified
FISMA: Oracle Database Shutdown
FISMA: Software Update Successes on i5/OS
FISMA: Sybase ASE Database Startup or Shutdown
FISMA: Symantec AntiVirus: Updated
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: Symantec Endpoint Protection: Scans
FISMA: Symantec Endpoint Protection: Updated
FISMA: System Restarted
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Orchestrator Virtual Machine Shutdown
FISMA: vCenter Orchestrator Virtual Machine Started
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter Restart ESX Services
FISMA: vCenter Shutdown or Restart of ESX Server
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCenter Virtual Machine Shutdown
FISMA: vCenter Virtual Machine Started
FISMA: vCenter vSwitch Add, Changed or Removed
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
FISMA: vShield Edge Configuration Changes
FISMA: Windows New Services Installed
FISMA: Windows Software Update Activities
FISMA: Windows Software Update Failures
FISMA: Windows Software Update Successes
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changed
FISMA: DB2 Database Started or Stopped
FISMA: DNS Server Shutdown
FISMA: DNS Server Started
FISMA: Guardium SQL Guard Startup or Shutdown
FISMA: i5/OS Server or Service Status Change
FISMA: i5/OS Software Updates
FISMA: Juniper Firewall HA State Change
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper VPN Policy Change
FISMA: LogLogic DSM Startup or Shutdown
FISMA: Microsoft SQL Server Shutdown
FISMA: NetApp Filer Audit Policies Changed
FISMA: NetApp Filer Disk Inserted
FISMA: Oracle Database Shutdown
FISMA: Sybase ASE Database Started
FISMA: Sybase ASE Database Stopped
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: System Restarted
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCenter Orchestrator Virtual Machine Shutdown
FISMA: vCenter Orchestrator Virtual Machine Started
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter Restart ESX Services
FISMA: vCenter Shutdown or Restart ESX
FISMA: vCenter Virtual Machine Shutdown
FISMA: vCenter Virtual Machine Started
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: vShield Edge Configuration Change
FISMA: Windows Server Restarted
FISMA: Windows Software Updates
FISMA: Windows Software Updates Failed
FISMA: Windows Software Updates Succeeded
CM-4 Monitoring Configuration Changes
Compliance Suite Reports
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Active Directory System Changes
FISMA: Administrators Activities on Servers
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ESA: Updated
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco ISE, ACS Password Changes
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changes
FISMA: Domain Activities on Symantec Endpoint Protection
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Group Activities
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Object Permissions Modified
FISMA: Juniper Firewall HA State Changed
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
FISMA: NetApp Filer Audit Policies Modified
FISMA: NetApp Filer Password Changes
FISMA: Password Changes on Windows Servers
FISMA: Permissions Modified on Windows Servers
FISMA: Policies Modified on Windows Servers
FISMA: RACF Password Changed
FISMA: RACF Permissions Changed
FISMA: Symantec AntiVirus: Updated
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Password Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: Symantec Endpoint Protection: Scans
FISMA: TIBCO Administrator Password Changes
FISMA: TIBCO Administrator Permission Changes
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
FISMA: vShield Edge Configuration Changes
FISMA: Windows Domain Activities
FISMA: Windows New Services Installed
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco Switch Policy Changed
FISMA: Escalated Privileges
FISMA: Groups Modified
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper Firewall HA State Change
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: NetApp Filer Audit Policies Changed
FISMA: NetApp Filer Disk Inserted
FISMA: NetApp Filer NIS Group Update
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: vShield Edge Configuration Change
FISMA: Windows Objects Create/Delete
FISMA: Windows Permissions Changed
CM-5 Access Restrictions for Change
Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Files Accessed on NetApp Filer Audit
FISMA: Files Accessed on Servers
FISMA: Files Accessed through Juniper SSL VPN (Secure Access)
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS Files Accessed
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Service Started
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: Failed Logins
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Sharepoint Content Deleted
FISMA: Microsoft Sharepoint Content Updates
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer File activity
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Failed Logins
FISMA: RACF Files Accessed
FISMA: RACF Process Started
FISMA: RACF Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Programs Accessed
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Escalated Privileges
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Changes
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Sharepoint Content Deleted
FISMA: Microsoft Sharepoint Content Updated
FISMA: NetApp Authentication Failure
FISMA: RACF Process Started
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
CM-6 Configuration Settings
CM-7 Least Functionality
Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ESA: Updated
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changes
FISMA: Firewall Traffic Considered Risky - Cisco IOS
FISMA: Firewall Traffic Considered Risky - Cisco Netflow
FISMA: Firewall Traffic Considered Risky - Cisco PIX
FISMA: Firewall Traffic Considered Risky - Juniper Firewall
FISMA: Firewall Traffic Considered Risky - Check Point
FISMA: Firewall Traffic Considered Risky - Cisco ASA
FISMA: Firewall Traffic Considered Risky - Cisco FWSM
FISMA: Firewall Traffic Considered Risky - Fortinet
FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
FISMA: Firewall Traffic Considered Risky - Nortel
FISMA: Firewall Traffic Considered Risky - PANOS
FISMA: Firewall Traffic Considered Risky - Sidewinder
FISMA: Firewall Traffic Considered Risky - VMware vShield
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: NetApp Filer Audit Policies Modified
FISMA: Symantec AntiVirus: Updated
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: Symantec Endpoint Protection: Scans
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vShield Edge Configuration Changes
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changed
FISMA: F5 BIG-IP TMOS Risky Traffic
FISMA: Firewall Traffic Considered Risky
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper VPN Policy Change
FISMA: NetApp Filer Audit Policies Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vShield Edge Configuration Change
FISMA: vShield Risky Traffic
Contingency Planning
CP-9 Information System Backup
Compliance Suite Reports
FISMA: DB2 Database Backup Failed
FISMA: DB2 Database Restore Failed
FISMA: NetApp Filers Backup Errors
FISMA: NetApp Filer Disk Failure
FISMA: NetApp Filer Disk Missing
FISMA: NetApp Filer Snapshot Error
FISMA: Microsoft SQL Server Backup Failed
FISMA: Microsoft SQL Server Restore Failed
FISMA: Sybase ASE Database Backup and Restoration
Compliance Suite Alerts
FISMA: DB2 Database Backup Failed
FISMA: DB2 Database Restore Failed
FISMA: Microsoft SQL Server Backup Failed
FISMA: Microsoft SQL Server Restore Failed
FISMA: NetApp Filer Disk Failure
FISMA: NetApp Filer Disk Inserted
FISMA: NetApp Filer Disk Missing
FISMA: NetApp Filer Disk Pulled
FISMA: NetApp Filer Snapshot Error
FISMA: Sybase ASE Database Backed Up or Restored
Identification and Authentication
IA-2 User Identification and Authentication
Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Accounts created on UNIX Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Enabled on Windows Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: DHCP Granted/Renewed Activities on Microsoft DHCP
FISMA: DHCP Granted/Renewed Activities on VMware vShield
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Creation
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Creation
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: Failed Logins
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Accounts Created
FISMA: Microsoft Operations Manager - Windows Accounts Enabled
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Accounts Created
FISMA: RACF Failed Logins
FISMA: RACF Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Group Members Added
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Enabled
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: NetApp Authentication Failure
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
IA-3 Device Identification and Authentication
Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: DHCP Granted/Renewed Activities on Microsoft DHCP
FISMA: DHCP Granted/Renewed Activities on VMware vShield
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Creation
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Creation
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: Failed Logins
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Accounts Created
FISMA: Microsoft Operations Manager - Windows Accounts Enabled
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Accounts Created
FISMA: RACF Failed Logins
FISMA: RACF Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Accounts Enabled
FISMA: Windows Group Members Added
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Enabled
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: NetApp Authentication Failure
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
IA-4 Identifier Management Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Enabled on Windows Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Password Changes
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Failed Logins
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Creation
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Creation
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
IA-4 Identifier Management Compliance Suite Reports - Continued
FISMA: NetApp Filer Login Successful
FISMA: NetApp Filer Password Changes
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Accounts Created
FISMA: Microsoft Operations Manager - Windows Accounts Enabled
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Accounts Created
FISMA: RACF Failed Logins
FISMA: RACF Password Changed
FISMA: RACF Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: Symantec Endpoint Protection Password Changes
FISMA: TIBCO Administrator Password Changes
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: VPN Users Accessing Corporate Network
FISMA: Password Changes on Windows Servers
FISMA: Windows Group Members Added
IA-4 Identifier Management Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Enabled
FISMA: Cisco ISE, ACS Passwords Changed
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: IBM AIX Password Changed
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Passwords Changed
FISMA: NetApp Authentication Failure
FISMA: RACF Passwords Changed
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
FISMA: Windows Passwords Changed
IA-5 Authenticator Management Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Enabled on Windows Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Password Changes
FISMA: DB2 Database Failed Logins
FISMA: DB2 Database Logins
FISMA: Denied VPN Connections - RADIUS
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Failed Logins
FISMA: ESX Logins Failed Unknown User
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Failed
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Failed Logins
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Network User Login Failed
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Creation
FISMA: i5/OS User Login Failed
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Creation
FISMA: Juniper SSL VPN (Secure Access) Failed Logins
FISMA: Juniper SSL VPN (Secure Access) Failed Logins by User
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
IA-5 Authenticator Management Compliance Suite Reports - Continued
FISMA: Juniper SSL VPN Failed Logins
FISMA: Juniper SSL VPN Failed Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Accounts Created
FISMA: Microsoft Operations Manager - Windows Accounts Enabled
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft SQL Server Database Failed Logins
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Failed
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Failed
FISMA: NetApp Filer Login Successful
FISMA: NetApp Filer Password Changes
FISMA: Oracle Database Logins
FISMA: Oracle Database Failed Logins
FISMA: RACF Accounts Created
FISMA: RACF Failed Logins
FISMA: RACF Password Changed
FISMA: RACF Successful Logins
FISMA: Successful Logins
FISMA: Sybase ASE Failed Logins
FISMA: Sybase ASE Successful Logins
FISMA: Symantec Endpoint Protection Password Changes
FISMA: TIBCO Administrator Password Changes
FISMA: UNIX Failed Logins
FISMA: vCenter Failed Logins
FISMA: vCenter Orchestrator Failed Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Failed Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Group Members Added
FISMA: Password Changes on Windows Servers
IA-5 Authenticator Management Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Enabled
FISMA: Cisco ISE, ACS Passwords Changed
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: IBM AIX Password Changed
FISMA: Logins Failed
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Passwords Changed
FISMA: NetApp Authentication Failure
FISMA: RACF Passwords Changed
FISMA: vCenter Orchestrator Login Failed
FISMA: vCenter User Login Failed
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Failed
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
FISMA: Windows Passwords Changed
Maintenance
MA-4 Remote Maintenance Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Administrators Activities on Servers
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: DB2 Database Logins
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS User Login Successful
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Successful Logins
MA-4 Remote Maintenance Compliance Suite Reports - Continued
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: Successful Logins
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Login Successful
FISMA: Oracle Database Logins
FISMA: RACF Successful Logins
FISMA: Sybase ASE Successful Logins
FISMA: vCenter Successful Logins
FISMA: vCloud Successful Logins
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Escalated Privileges
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS User Profile Changes
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Success
FISMA: vCloud User Created
FISMA: Windows Objects Create/Delete
Personnel Security
PS-4 Access Control to Program Source Code
Compliance Suite Reports
FISMA: Accepted VPN Connections - RADIUS
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Check Point Management Station Login
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: DB2 Database Logins
FISMA: ESX Accounts Deleted
FISMA: ESX Group Activities
FISMA: ESX Logins Succeeded
FISMA: F5 BIG-IP TMOS Login Successful
FISMA: Guardium SQL Guard Audit Logins
FISMA: Guardium SQL Guard Logins
FISMA: Group Activities on NetApp Filer Audit
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS Network User Login Successful
FISMA: i5/OS Network User Profile Deletion
FISMA: i5/OS Network User Profile Modified
FISMA: i5/OS Object Permissions Modified
FISMA: i5/OS User Login Successful
FISMA: i5/OS User Profile Modifications
FISMA: Juniper SSL VPN (Secure Access) Successful Logins
FISMA: Juniper SSL VPN (Secure Access) Successful Logins by User
FISMA: Juniper SSL VPN Successful Logins
FISMA: Juniper SSL VPN Successful Logins by User
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft SQL Server Database Logins
FISMA: NetApp Filer Audit Login Successful
FISMA: NetApp Filer Accounts Locked
FISMA: NetApp Filer Login Successful
PS-5 Control of Technical Vulnerabilities
PS-6 Access Agreements
PS-4, PS-5, PS-6
Compliance Suite Reports - Continued
FISMA: Oracle Database Logins
FISMA: RACF Accounts Deleted
FISMA: RACF Accounts Modified
FISMA: RACF Permissions Changed
FISMA: RACF Successful Logins
FISMA: Successful Logins
FISMA: Sybase ASE Successful Logins
FISMA: TIBCO Administrator Permission Changes
FISMA: vCenter Successful Logins
FISMA: vCenter User Permission Change
FISMA: vCloud Successful Logins
FISMA: vCloud User Deleted or Removed
FISMA: VPN Users Accessing Corporate Network
FISMA: Windows Accounts Locked
FISMA: Windows Group Members Deleted
FISMA: Permissions Modified on Windows Servers
PS-4 Access Control to Program Source Code
Compliance Suite Alerts
FISMA: Accounts Deleted
FISMA: Accounts Modified
FISMA: Accounts Locked
FISMA: Group Members Deleted
FISMA: Groups Deleted
FISMA: Groups Modified
FISMA: Guardium SQL Guard Logins
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: Logins Succeeded
FISMA: LogLogic DSM Logins
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: NetApp Filer NIS Group Update
FISMA: RACF Permissions Changed
FISMA: vCenter Permission Change
FISMA: vCenter User Login Successful
FISMA: vCloud Director Login Success
FISMA: vCloud User, Group, or Role Modified
FISMA: Windows Permissions Changed
PS-5 Control of Technical Vulnerabilities
PS-6 Access Agreements
System and Services Acquisition
SA-2 Allocation of Resources Compliance Suite Reports
FISMA: LogLogic Disk Full
FISMA: NetApp Filer File System Full
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
Compliance Suite Alert
FISMA: LogLogic Disk Full
FISMA: NetApp Filer File System Full
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
SA-9 Outsourced Information System Services
Compliance Suite Reports
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco System Restarted
FISMA: DB2 Database Stop and Start Events
FISMA: F5 BIG-IP TMOS Restarted
FISMA: Guardium SQL Guard Audit Startup or Shutdown
FISMA: Guardium SQL Guard Startup or Shutdown
FISMA: i5/OS Restarted
FISMA: Juniper Firewall HA State Changed
FISMA: Juniper Firewall Restarted
FISMA: LogLogic DSM Startup or Shutdown
FISMA: Microsoft Operations Manager - Windows Servers Restarted
FISMA: Oracle Database Shutdown
FISMA: Periodic Review of Log Reports
FISMA: Periodic Review of User Access Logs
FISMA: Sybase ASE Database Startup or Shutdown
FISMA: Symantec Endpoint Protection: Updated
FISMA: System Restarted
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Orchestrator Virtual Machine Shutdown
FISMA: vCenter Orchestrator Virtual Machine Started
FISMA: vCenter Restart ESX Services
FISMA: vCenter Shutdown or Restart of ESX Server
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCenter Virtual Machine Shutdown
FISMA: vCenter Virtual Machine Started
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
FISMA: Windows Servers Restarted
SA-9 Outsourced Information System Services
Compliance Suite Alerts
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Errors
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: DB2 Database Started or Stopped
FISMA: DNS Server Shutdown
FISMA: DNS Server Started
FISMA: Guardium SQL Guard Startup or Shutdown
FISMA: i5/OS Server or Service Status Change
FISMA: Juniper Firewall HA State Change
FISMA: LogLogic DSM Startup or Shutdown
FISMA: Microsoft SQL Server Shutdown
FISMA: Oracle Database Shutdown
FISMA: Sybase ASE Database Started
FISMA: Sybase ASE Database Stopped
FISMA: System Restarted
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCenter Orchestrator Virtual Machine Shutdown
FISMA: vCenter Orchestrator Virtual Machine Started
FISMA: vCenter Restart ESX Services
FISMA: vCenter Shutdown or Restart ESX
FISMA: vCenter Virtual Machine Shutdown
FISMA: vCenter Virtual Machine Started
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: Windows Server Restarted
SA-10 Developer Configuration Management
Compliance Suite Reports
FISMA: Account Activities on UNIX Servers
FISMA: Account Activities on Windows Servers
FISMA: Accounts Changed on NetApp Filer
FISMA: Accounts Changed on Sidewinder
FISMA: Accounts Changed on TIBCO Administrator
FISMA: Accounts Created on NetApp Filer
FISMA: Accounts Created on NetApp Filer Audit
FISMA: Accounts Created on Sidewinder
FISMA: Accounts Created on Symantec Endpoint Protection
FISMA: Accounts Created on TIBCO Administrator
FISMA: Accounts Created on UNIX Servers
FISMA: Accounts Created on Windows Servers
FISMA: Accounts Deleted on NetApp Filer
FISMA: Accounts Deleted on NetApp Filer Audit
FISMA: Accounts Deleted on Sidewinder
FISMA: Accounts Deleted on Symantec Endpoint Protection
FISMA: Accounts Deleted on TIBCO Administrator
FISMA: Accounts Deleted on UNIX Servers
FISMA: Accounts Deleted on Windows Servers
FISMA: Active Directory System Changes
FISMA: Administrators Activities on Servers
FISMA: Check Point Configuration Changes
FISMA: Check Point Object Activity
FISMA: Cisco ISE, ACS Accounts Created
FISMA: Cisco ISE, ACS Accounts Removed
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco ISE, ACS Password Changes
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changes
FISMA: Domain Activities on Symantec Endpoint Protection
FISMA: Escalated Privilege Activities on Servers
FISMA: ESX Accounts Activities
FISMA: ESX Accounts Created
FISMA: ESX Accounts Deleted
FISMA: ESX Group Activities
FISMA: F5 BIG-IP TMOS Password Changes
FISMA: Group Activities on NetApp Filer Audit
SA-10 Developer Configuration Management
Compliance Suite Reports - Continued
FISMA: Group Activities on Symantec Endpoint Protection
FISMA: Group Activities on UNIX Servers
FISMA: Group Activities on Windows Servers
FISMA: i5/OS DST Password Reset
FISMA: i5/OS Object Permissions Modified
FISMA: Juniper Firewall HA State Changed
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: Microsoft Operations Manager - Windows Account Activities
FISMA: Microsoft Operations Manager - Windows Password Changes
FISMA: Microsoft Operations Manager - Windows Permissions Modified
FISMA: Microsoft Operations Manager - Windows Policies Modified
FISMA: Microsoft Sharepoint Permissions Changed
FISMA: Microsoft Sharepoint Policy Add, Remove, or Modify
FISMA: NetApp Filer Audit Policies Modified
FISMA: NetApp Filer Password Changes
FISMA: RACF Password Changed
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Password Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: TIBCO Administrator Password Changes
FISMA: TIBCO Administrator Permission Changes
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud User Deleted or Removed
FISMA: vCloud vApp Created, Modified, or Deleted
SA-10 Developer Configuration Management
Compliance Suite Reports - Continued
FISMA: vCloud vDC Create, Modify, or Delete
FISMA: vShield Edge Configuration Changes
FISMA: Windows Domain Activities
FISMA: Windows New Services Installed
FISMA: Password Changes on Windows Servers
FISMA: Permissions Modified on Windows Servers
FISMA: Policies Modified on Windows Servers
Compliance Suite Alerts
FISMA: Accounts Created
FISMA: Accounts Deleted
FISMA: Active Directory Changes
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco Switch Policy Changed
FISMA: Escalated Privileges
FISMA: Groups Modified
FISMA: i5/OS Network Profile Changes
FISMA: i5/OS Permission or Policy Change
FISMA: i5/OS User Profile Changes
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper Firewall HA State Change
FISMA: Juniper VPN Policy Change
FISMA: Microsoft Operations Manager - Permissions Changed
FISMA: Microsoft Sharepoint Permission Changed
FISMA: Microsoft Sharepoint Policies Added, Removed, Modified
FISMA: NetApp Filer Audit Policies Changed
FISMA: NetApp Filer NIS Group Update
FISMA: RACF Permissions Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: Symantec Endpoint Protection Policy Add, Delete, Modify
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Firewall Policy Change
FISMA: vCenter Orchestrator Create Virtual Machine
SA-10 Developer Configuration Management
Compliance Suite Alerts - Continued
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud User Created
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: vShield Edge Configuration Change
FISMA: Windows Objects Create/Delete
FISMA: Windows Permissions Changed
System and Communications Protection
SC-2 Application Partitioning Compliance Suite Reports
FISMA: vCenter Orchestrator Virtual Machine Created
FISMA: vCenter Orchestrator Virtual Machine Deleted
FISMA: vCenter Virtual Machine Created
FISMA: vCenter Virtual Machine Deleted
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Modified, or Deleted
FISMA: vCloud vDC Create, Modify, or Delete
SC-2 Application Partitioning Compliance Suite Reports
FISMA: Active Directory System Changes
FISMA: Check Point Object Activity
FISMA: Check Point Configuration Changes
FISMA: Cisco ISE, ACS Configuration Changes
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changes
FISMA: Firewall Traffic Considered Risky - Cisco IOS
FISMA: Firewall Traffic Considered Risky - Cisco Netflow
FISMA: Firewall Traffic Considered Risky - Cisco PIX
FISMA: Firewall Traffic Considered Risky - Juniper Firewall
FISMA: Firewall Traffic Considered Risky - Check Point
FISMA: Firewall Traffic Considered Risky - Cisco ASA
FISMA: Firewall Traffic Considered Risky - Cisco FWSM
FISMA: Firewall Traffic Considered Risky - Fortinet
FISMA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS
FISMA: Firewall Traffic Considered Risky - Juniper JunOS
FISMA: Firewall Traffic Considered Risky - Juniper RT Flow
FISMA: Firewall Traffic Considered Risky - Nortel
FISMA: Firewall Traffic Considered Risky - PANOS
FISMA: Firewall Traffic Considered Risky - Sidewinder
FISMA: Firewall Traffic Considered Risky - VMware vShield
FISMA: Juniper Firewall Policy Changed
FISMA: Juniper SSL VPN (Secure Access) Policy Changed
FISMA: NetApp Filer Audit Policies Modified
FISMA: Symantec Endpoint Protection Configuration Changes
FISMA: Symantec Endpoint Protection Policy Add, Remove, or Modify
FISMA: vCenter Change Attributes
FISMA: vCenter Modify Firewall Policy
FISMA: vCenter Orchestrator Change Attributes
FISMA: vCenter Orchestrator Create Virtual Machine
FISMA: vCenter Orchestrator Delete Virtual Machine
FISMA: vCenter Orchestrator vSwitch Added, Changed or Removed
FISMA: vCenter Resource Usage Change
FISMA: vCenter vSwitch Added, Changed or Removed
FISMA: vShield Edge Configuration Changes
SC-3 Security Function Isolation
SC-7 Boundary Protection
SC-2, SC-3, SC-7
Compliance Suite Alerts
FISMA: Active Directory Changes
FISMA: Check Point Policy Changed
FISMA: Cisco ISE, ACS Configuration Changed
FISMA: Cisco PIX, ASA, FWSM Policy Changed
FISMA: Cisco PIX, ASA, FWSM Routing Failure
FISMA: Cisco Switch Policy Changed
FISMA: F5 BIG-IP TMOS Risky Traffic
FISMA: Firewall Traffic Considered Risky
FISMA: Juniper Firewall Policy Changes
FISMA: Juniper VPN Policy Change
FISMA: NetApp Filer Audit Policies Changed
FISMA: Symantec Endpoint Protection Configuration Changed
FISMA: vCenter Create Virtual Machine
FISMA: vCenter Delete Virtual Machine
FISMA: vCenter Firewall Policy Change
FISMA: vCenter vSwitch Add, Modify or Delete
FISMA: vCenter Orchestrator vSwitch Add, Modify or Delete
FISMA: vCloud Organization Created
FISMA: vCloud Organization Deleted
FISMA: vCloud Organization Modified
FISMA: vCloud vApp Created, Deleted, or Modified
FISMA: vCloud vDC Created, Modified, or Deleted
FISMA: vShield Edge Configuration Change
FISMA: vShield Risky Traffic
SC-18 Mobile Code Compliance Suite Reports
FISMA: Applications Under Attack
FISMA: Applications Under Attack - Cisco IOS
FISMA: Applications Under Attack - ISS SiteProtector
FISMA: Applications Under Attack - SiteProtector
FISMA: Attack Origins
FISMA: Attack Origins - Cisco IOS
FISMA: Attack Origins - ISS SiteProtector
FISMA: Attack Origins - SiteProtector
FISMA: Attacks Detected
FISMA: Attacks Detected - Cisco IOS
FISMA: Attacks Detected - ISS SiteProtector
FISMA: Attacks Detected - SiteProtector
FISMA: Firewall Connections Accepted - Check Point
FISMA: Firewall Connections Accepted - Cisco ASA
FISMA: Firewall Connections Accepted - Cisco FWSM
FISMA: Firewall Connections Accepted - Cisco IOS
FISMA: Firewall Connections Accepted - Cisco Netflow
FISMA: Firewall Connections Accepted - Cisco NXOS
FISMA: Firewall Connections Accepted - Cisco PIX
FISMA: Firewall Connections Accepted - F5 BIG-IP TMOS
FISMA: Firewall Connections Accepted - Fortinet
FISMA: Firewall Connections Accepted - Juniper Firewall
FISMA: Firewall Connections Accepted - Juniper JunOS
FISMA: Firewall Connections Accepted - Juniper RT Flow
FISMA: Firewall Connections Accepted - Nortel
FISMA: Firewall Connections Accepted - PANOS
FISMA: Firewall Connections Accepted - Sidewinder
FISMA: Firewall Connections Accepted - VMware vShield
FISMA: Firewall Connections Denied - Check Point
FISMA: Firewall Connections Denied - Cisco ASA
FISMA: Firewall Connections Denied - Cisco FWSM
FISMA: Firewall Connections Denied - Cisco IOS
FISMA: Firewall Connections Denied - Cisco NXOS
FISMA: Firewall Connections Denied - Cisco PIX
FISMA: Firewall Connections Denied - Cisco Router
FISMA: Firewall Connections Denied - F5 BIG-IP TMOS
FISMA: Firewall Connections Denied - Fortinet
FISMA: Firewall Connections Denied - Juniper Firewall
FISMA: Firewall Connections Denied - Juniper JunOS
FISMA: Firewall Connections Denied - Juniper RT Flow
FISMA: Firewall Connections Denied - Nortel
FISMA: Firewall Connections Denied - PANOS
Section Description LogLogic Reports and Alerts
FISMA: Firewall Connections Denied - Sidewinder
FISMA: Firewall Connections Denied - VMware vShield
FISMA: Windows New Services Installed
Compliance Suite Alert
FISMA: Anomalous IDS Alerts
System and Information Integrity
SI-2 Flaw Remediation
Compliance Suite Reports
FISMA: Cisco Peer Reset/Reload
FISMA: Cisco Peer Supervisor Status Changes
FISMA: Cisco PIX, ASA, FWSM Failover Disabled
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: Cisco PIX, ASA, FWSM Restarted
FISMA: Cisco Redundancy Version Check Failed
FISMA: Juniper Firewall HA State Changed
FISMA: Juniper Firewall Policy Out of Sync
FISMA: Juniper Firewall Reset Accepted
FISMA: Juniper Firewall Reset Imminent
FISMA: LogLogic Disk Full
FISMA: LogLogic HA State Changed
FISMA: NetApp Filer Disk Failure
FISMA: NetApp Filer Disk Missing
FISMA: NetApp Filer File System Full
FISMA: NetApp Filer Snapshot Error
FISMA: Software Update Successes on i5/OS
FISMA: Windows Software Update Activities
FISMA: Windows Software Update Failures
FISMA: Windows Software Update Successes
Compliance Suite Alerts
FISMA: Cisco PIX, ASA, FWSM Failover Performed
FISMA: i5/OS Software Updates
FISMA: Juniper Firewall HA State Change
FISMA: Juniper Firewall Peer Missing
FISMA: Juniper Firewall Policy Out of Sync
FISMA: LogLogic HA State Change
FISMA: NetApp Filer Snapshot Error
FISMA: NetApp Filer Disk Failure
FISMA: NetApp Filer Disk Missing
FISMA: NetApp Filer Disk Pulled
FISMA: NetApp Filer File System Full
FISMA: Windows Software Updates
FISMA: Windows Software Updates Failed
FISMA: Windows Software Updates Succeeded
SI-3 Malicious Code Protection
Compliance Suite Reports
FISMA: Applications Under Attack
FISMA: Applications Under Attack - Cisco IOS
FISMA: Applications Under Attack - ISS SiteProtector
FISMA: Applications Under Attack - SiteProtector
FISMA: Attack Origins
FISMA: Attack Origins - Cisco IOS
FISMA: Attack Origins - ISS SiteProtector
FISMA: Attack Origins - SiteProtector
FISMA: Attacks Detected
FISMA: Attacks Detected - Cisco IOS
FISMA: Attacks Detected - ISS SiteProtector
FISMA: Attacks Detected - SiteProtector
FISMA: Cisco ESA: Attacks by Event ID
FISMA: Cisco ESA: Attacks Detected
FISMA: Cisco ESA: Attacks by Threat Name
FISMA: Cisco ESA: Scans
FISMA: Firewall Connections Denied - Check Point
FISMA: Firewall Connections Denied - Cisco ASA
FISMA: Firewall Connections Denied - Cisco FWSM
FISMA: Firewall Connections Denied - Cisco IOS
FISMA: Firewall Connections Denied - Cisco NXOS
FISMA: Firewall Connections Denied - Cisco PIX
FISMA: Firewall Connections Denied - Cisco Router
FISMA: Firewall Connections Denied - F5 BIG-IP TMOS
FISMA: Firewall Connections Denied - Fortinet
FISMA: Firewall Connections Denied - Juniper Firewall
FISMA: Firewall Connections Denied - Juniper JunOS
FISMA: Firewall Connections Denied - Juniper RT Flow
FISMA: Firewall Connections Denied - Nortel
FISMA: Firewall Connections Denied - PANOS
FISMA: Firewall Connections Denied - Sidewinder
FISMA: Firewall Connections Denied - VMware vShield
FISMA: FortiOS: Attacks by Event ID
FISMA: FortiOS: Attacks by Threat Name
FISMA: FortiOS: Attacks Detected
FISMA: FortiOS DLP Attacks Detected
FISMA: McAfee AntiVirus: Attacks by Event ID
FISMA: McAfee AntiVirus: Attacks by Threat Name
FISMA: McAfee AntiVirus: Attacks Detected
FISMA: PANOS: Attacks by Event ID
FISMA: PANOS: Attacks by Threat Name
FISMA: PANOS: Attacks Detected
FISMA: Software Update Successes on i5/OS
FISMA: Symantec AntiVirus: Attacks by Threat Name
FISMA: Symantec AntiVirus: Attacks Detected
FISMA: Symantec AntiVirus: Scans
FISMA: Symantec Endpoint Protection: Attacks by Threat Name
FISMA: Symantec Endpoint Protection: Attacks Detected
FISMA: TrendMicro Control Manager: Attacks Detected
FISMA: TrendMicro Control Manager: Attacks Detected by Threat
FISMA: TrendMicro OfficeScan: Attacks Detected
FISMA: TrendMicro OfficeScan: Attacks Detected by Threat Name
FISMA: Windows New Services Installed
FISMA: Windows Software Update Activities
FISMA: Windows Software Update Failures
FISMA: Windows Software Update Successes
Compliance Suite Alerts
FISMA: Anomalous IDS Alerts
FISMA: i5/OS Software Updates
FISMA: Windows Software Updates
FISMA: Windows Software Updates Failed
FISMA: Windows Software Updates Succeeded
SI-4 Intrusion Detection Tools and Techniques
Compliance Suite Reports
FISMA: Applications Under Attack
FISMA: Applications Under Attack - Cisco IOS
FISMA: Applications Under Attack - ISS SiteProtector
FISMA: Applications Under Attack - SiteProtector
FISMA: Attack Origins
FISMA: Attack Origins - Cisco IOS
FISMA: Attack Origins - ISS SiteProtector
FISMA: Attack Origins - SiteProtector
FISMA: Attacks Detected
FISMA: Attacks Detected - Cisco IOS
FISMA: Attacks Detected - ISS SiteProtector
FISMA: Attacks Detected - SiteProtector
Compliance Suite Alert
FISMA: Anomalous IDS Alerts