| Section | Requirement | Solution |
|---|
| 10.2 |
Implement automated audit trails for all system components to reconstruct the following events. |
Out-of-the-box Security Event Log filters and reports such as:
- Failed Logons
- Success Logons
- Account Management
- Logon Sessions
- New User Accounts
- Account Lockout
Real-time and scheduled monitoring of all Object Access Security Event Log entries.
|
| 10.4 |
Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.
Note: One example of time synchronization technology is Network Time Protocol (NTP).
|
Pre-installed Synchronize Clocks template which uses NTP to synchronize clocks on all discovered Windows servers. |
| 10.5 |
Secure audit trails so they cannot be altered. |
Pre-installed Event Log File Backup template which can be scheduled to consolidate to a central log server then encrypt, password protect and digitally sign output files ensuring file integrity.
Includes a File Consolidation template which can be scheduled to consolidate to a central log server any set of files then encrypt, password protect and digitally sign output files ensuring file integrity.
Pre-installed Syslog Backup template which can be scheduled to archive consolidated Syslog messages to a central log server then encrypt, password protect and digitally sign output files ensuring file integrity. |
| 10.5.3 |
Promptly back up audit trail files to a centralized log server or media that is difficult to alter. |
Pre-installed Event Log Consolidation template which can be scheduled to download Event Logs to a central log server then save to SQL Server, MySQL, Oracle or our own binary file format.
Includes a Syslog Server that is pre-configured to save all received Syslog messages. Optionally supports saving messages to SQL Server, MySQL or Oracle.
Includes several Text Log Monitoring templates that can be configured to save all entries to a central log server. Supported output includes: SQL Server, MySQL, Oracle and our own binary file format. |
| 10.6 |
Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Note: Log harvesting, parsing, and alerting tools may be used to meet compliance with Requirement 10.6. |
Includes:
Numerous log viewers that enable users to page through large volumes of data, hide duplicate entries, filter and merge multiple logs into a single view.
Out-of-the-box filters.
Customizable filters with AND, OR, NOT, criteria nesting and regular expression support.
Automated and on-demand reporting. |