TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

Transcription

1 TIBCO LogLogic SOX and COBIT Compliance Suite Quick Start Guide Software Release: December 2012 Two-Second Advantage

2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, Two-Second Advantage and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. and/or subsidiaries of TIBCO Software Inc. in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. PLEASE SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

3 Contents Preface: About This Guide Technical Support Information Documentation Support Information Contact Information Conventions Chapter 1: LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley LogLogic Alerts for COBIT 4.1 and Sarbanes-Oxley LogLogic Reports and Alerts Quick Reference SOX and COBIT Compliance Suite Quick Start Guide

4 CONTENTS SOX and COBIT Compliance Suite Quick Start Guide 4

5 About This Guide : Technical Support Information PREFACE: About This Guide The TIBCO LogLogic SOX and COBIT Compliance Suite Quick Start Guide provides introduction and overview information regarding the Sarbanes-Oxley (SOX) Act and the Control Objectives for Information and Related Technology (COBIT) control framework. It also covers topics related to managing LogLogic s SOX compliance reports, alerts, and using log data collected and aggregated from all types of source systems to monitor and report on SOX compliance. Technical Support Information LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your Tibco LogLogic Compliance Suites. To reach the LogLogic Support team by telephone: Toll Free LOGS Local EMEA support@loglogic.com Support Website: When contacting LogLogic Support, be prepared to provide the following information: Your name, address, phone number, and fax number Your company name and company address Your appliance model and release version Serial number located on the back of the Appliance or the eth0 MAC address A description of the problem and the content of pertinent error messages (if any) SOX and COBIT Compliance Suite Quick Start Guide 5

6 About This Guide : Documentation Support Information Documentation Support Information Conventions The LogLogic documentation includes Portable Document Format (PDF) files. To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at Contact Information Your feedback on the LogLogic documentation is important to us. If you have questions or comments, send to DocComments@loglogic.com. In your message, please indicate the software name and version you are using, as well as the title and document release date of your documentation. Your comments will be reviewed and addressed by the LogLogic Technical Publications team. The LogLogic documentation uses the following conventions to distinguish text and information that might require special attention. Caution: Highlights important situations that could potentially damage data or cause system failure. IMPORTANT! Highlights key considerations to keep in mind. Note: Provides additional information that is useful but not always essential or highlights guidelines and helpful hints. This guide also uses the following typographic conventions to highlight code and command line elements: Monospace is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as file names, directories, paths, and URLs). Monospace bold is used to distinguish system prompts or screen output from user responses, as in this example: username: system home directory: home\app Monospace italic is used for placeholders, which are general names that you replace with names specific to your site, as in this example: LogLogic_home_directory\upgrade\ Straight brackets signal options in command line syntax. ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path...] 6 SOX and COBIT Compliance Suite Quick Start Guide

7 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley CHAPTER 1: LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley This chapter provides a detailed listing of all COBIT 4.1 control objectives with their corresponding Tibco LogLogic compliance suite reports and/or alerts. LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley LogLogic Alerts for COBIT 4.1 and Sarbanes-Oxley LogLogic Reports and Alerts Quick Reference LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley The following table lists the reports included in the Tibco LogLogic Compliance Suite: COBIT 4.1 and Sarbanes-Oxley Edition. # LogLogic Report Description 1 COBIT: Accepted VPN Connections - RADIUS 2 COBIT: Account Activities on UNIX Servers 3 4 COBIT: Account Activities on Windows Servers COBIT: Accounts Added to Groups on Windows Servers 5 COBIT: Accounts Changed on NetApp Filer 6 COBIT: Accounts Changed on Sidewinder COBIT: Accounts Changed on TIBCO Administrator COBIT: Accounts Changed on UNIX Servers COBIT: Accounts Changed on Windows Servers 10 COBIT: Accounts Created on NetApp Filer 11 COBIT: Accounts Created on NetApp Filer Audit 12 COBIT: Accounts Created on Sidewinder COBIT: Accounts Created on Symantec Endpoint Protection COBIT: Accounts Created on TIBCO Administrator Displays all users connected to the internal network through the RADIUS VPN. Displays all accounts activities on UNIX servers to ensure authorized and appropriate access. Displays all accounts activities on Windows servers to ensure authorized and appropriate access. Displays all accounts added to groups on the Windows servers to ensure appropriate access. Displays all accounts changed on NetApp Filer to ensure authorized and appropriate access. Displays all accounts changed on Sidewinder to ensure authorized and appropriate access. Displays all accounts changed on TIBCO Administrator to ensure authorized and appropriate access. Displays all accounts changed on UNIX servers to ensure authorized and appropriate access. Displays all accounts changed on Windows servers to ensure authorized and appropriate access. Displays all accounts created on NetApp Filer to ensure authorized and appropriate access. Displays all accounts created on NetApp Filer Audit to ensure authorized and appropriate access. Displays all accounts created on Sidewinder to ensure authorized and appropriate access. Displays all accounts created on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all accounts created on TIBCO Administrator to ensure authorized and appropriate access. SOX and COBIT Compliance Suite Quick Start Guide 7

8 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 15 COBIT: Accounts Created on UNIX Servers 16 COBIT: Accounts Created on Windows Servers 17 COBIT: Accounts Deleted on NetApp Filer 18 COBIT: Accounts Deleted on NetApp Filer Audit 19 COBIT: Accounts Deleted on Sidewinder COBIT: Accounts Deleted on Symantec Endpoint Protection COBIT: Accounts Deleted on TIBCO Administrator 22 COBIT: Accounts Deleted on UNIX Servers COBIT: Accounts Deleted on Windows Servers COBIT: Accounts Removed from Groups on Windows Servers Displays all accounts created on UNIX servers to ensure authorized and appropriate access. Displays all accounts created on Windows servers to ensure authorized and appropriate access. Displays all accounts deleted on NetApp Filer to ensure authorized and appropriate access. Displays all accounts deleted on NetApp Filer Audit to ensure authorized and appropriate access. Displays all accounts deleted on Sidewinder to ensure authorized and appropriate access. Displays all accounts deleted on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all accounts deleted on TIBCO Administrator to ensure authorized and appropriate access. Displays all accounts deleted on UNIX servers to ensure authorized and appropriate access. Displays all accounts deleted on Windows servers to ensure authorized and appropriate access. Displays all accounts removed from groups on the Windows servers to ensure appropriate access. 25 COBIT: Active Connections for Cisco ASA Displays all currently active firewall connections for Cisco ASA. 26 COBIT: Active Connections for Cisco Displays all currently active firewall connections for Cisco FWSM. FWSM 27 COBIT: Active Connections for Cisco PIX Displays all currently active firewall connections for Cisco PIX devices. 28 COBIT: Active Directory System Changes Changes made within Active Directory COBIT: Active VPN Connections for Cisco VPN Concentrators COBIT: Active VPN Connections for Nortel Contivity COBIT: Active VPN Connections for RADIUS Displays all currently active VPN connections for Cisco VPN Concentrators. Displays all currently active VPN connections for Nortel Contivity VPN devices. Displays all currently active VPN connections for RADIUS Acct Client. COBIT: Administrator Logins on Windows Displays all logins with the administrator account on Windows servers. 32 Servers 33 COBIT: Allowed URLs by Source IPs Displays successful access to URLs by source IP addresses COBIT: Allowed URLs by Source IPs - F5 BIG-IP TMOS COBIT: Allowed URLs by Source IPs - Microsoft IIS Displays successful access to URLs by source IP addresses on F5 BIG-IP TMOS. Displays successful access to URLs by source IP addresses on Microsoft IIS. 36 COBIT: Allowed URLs by Source Users Displays successful access to URLs by source users. 37 COBIT: Allowed URLs by Source Users - F5 BIG-IP TMOS Displays successful access to URLs by source users on F5 BIG-IP TMOS. 38 COBIT: Allowed URLs by Source Users - Microsoft IIS Displays successful access to URLs by source users on Microsoft IIS. 39 COBIT: Applications Under Attack Displays all applications under attack as well as the attack signatures. 8 SOX and COBIT Compliance Suite Quick Start Guide

9 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description COBIT: Applications Under Attack - Cisco IOS COBIT: Applications Under Attack - ISS SiteProtector COBIT: Applications Under Attack - SiteProtector Displays all applications under attack as well as the attack signatures by Cisco IOS. Displays all applications under attack as well as the attack signatures by ISS SiteProtector. Displays all applications under attack as well as the attack signatures by SiteProtector. 43 COBIT: Attackers by Service Displays all attack source IP address and service ports. 44 COBIT: Attackers by Service - Cisco IOS Displays all attack source IP address and service ports by Cisco IOS. 45 COBIT: Attackers by Service - ISS SiteProtector Displays all attack source IP address and service ports by ISS SiteProtector. 46 COBIT: Attackers by Service - SiteProtector Displays all attack source IP address and service ports by SiteProtector. 47 COBIT: Attackers by Signature Displays all attack source IP address and signatures. 48 COBIT: Attackers by Signature - Cisco IOS Displays all attack source IP address and signatures by Cisco IOS. 49 COBIT: Attackers by Signature - ISS SiteProtector Displays all attack source IP address and signatures by ISS SiteProtector. 50 COBIT: Attackers by Signature - SiteProtector Displays all attack source IP address and signatures by SiteProtector. 51 COBIT: Attacks Detected Displays all IDS attacks detected to servers and applications. 52 COBIT: Attacks Detected - Cisco IOS Displays all IDS attacks detected to servers and applications by Cisco IOS. 53 COBIT: Attacks Detected - ISS SiteProtector Displays all IDS attacks detected to servers and applications by ISS SiteProtector. 54 COBIT: Attacks Detected - SiteProtector Displays all IDS attacks detected to servers and applications by SiteProtector. 55 COBIT: Bandwidth Usage by User Displays users who are using the most bandwidth. 56 COBIT: Blocked URLs by Source IPs Displays URLs that have been blocked by source IP addresses COBIT: Blocked URLs by Source IPs - F5 BIG-IP TMOS COBIT: Blocked URLs by Source IPs - Microsoft IIS Displays URLs that have been blocked by source IP addresses on F5 BIG-IP TMOS. Displays URLs that have been blocked by source IP addresses on Microsoft IIS. 59 COBIT: Blocked URLs by Source Users Displays URLs that have been blocked by source users. 60 COBIT: Blocked URLs by Source Users - F5 BIG-IP TMOS Displays URLs that have been blocked by source users on F5 BIG-IP TMOS. COBIT: Blocked URLs by Source Users - 61 Displays URLs that have been blocked by source users on Microsoft IIS. Microsoft IIS 62 COBIT: Check Point Configuration Changes Displays all Check Point audit events related to configuration changes. 63 COBIT: Check Point Management Station Displays successful logins to the Check Point Management Station. Login 64 COBIT: Check Point Objects Created Displays all Check Point audit events related to object creation in policies. 65 COBIT: Check Point Objects Deleted Displays all Check Point audit events related to policy objects deleted. 66 COBIT: Check Point Objects Modified Displays all Check Point audit events related to policy objects modified. 67 COBIT: Check Point SIC Revoked Displays all Check Point audit events related to the security certificate being revoked. 68 COBIT: Cisco Configuration Changes Changes to Cisco devices via console and TFTP connections. 69 COBIT: Cisco ESA: Attacks by Event ID Displays Cisco ESA attacks by Event ID. 70 COBIT: Cisco ESA: Attacks Detected Displays attacks detected by Cisco ESA SOX and COBIT Compliance Suite Quick Start Guide 9

10 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 71 COBIT: Cisco ESA: Attacks by Threat Name Displays Cisco ESA attacks by threat name. 72 COBIT: Cisco ESA: Scans Scans using Cisco ESA 73 COBIT: Cisco ESA: Updated Updates to Cisco ESA. 74 COBIT: Cisco ISE, ACS Accounts Created 75 COBIT: Cisco ISE, ACS Accounts Removed 76 COBIT: Cisco ISE, ACS Configuration Changes 77 COBIT: Cisco ISE, ACS Password Changes Displays all accounts created on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access. Displays all accounts removed on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access. Displays Cisco ISE and Cisco SecureACS configuration changes. Displays all password change activities on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access. 78 COBIT: Cisco Line Protocol Status Status Displays all Cisco line protocol up and down events. Changes 79 COBIT: Cisco Link Status Changes Displays all Cisco link up and down events 80 COBIT: Cisco Peer Reset/Reload Displays all Cisco Peer reset and reload events COBIT: Cisco Peer Supervisor Status Changes COBIT: Cisco PIX, ASA, FWSM Failover Disabled COBIT: Cisco PIX, ASA, FWSM Failover Performed COBIT: Cisco PIX, ASA, FWSM Policy Changed 85 COBIT: Cisco Routers and Switches Restart COBIT: Creation and Deletion of System Level Objects: AIX Audit COBIT: Creation and Deletion of System Level Objects: DB2 Database COBIT: Creation and Deletion of System Level Objects: HP-UX Audit COBIT: Creation and Deletion of System Level Objects: Windows COBIT: Creation and Deletion of System Level Objects: Oracle COBIT: Creation and Deletion of System Level Objects: Solaris BSM COBIT: Creation and Deletion of System Level Objects: SQL Server Displays all Cisco Peer Supervisor status changes. Displays all logs related to disabling Cisco PIX, ASA, and FWSM failover capability. Displays all logs related to performing a Cisco PIX, ASA, and FWSM failover. Displays all configuration changes made to the Cisco PIX, ASA, and FWSM devices. Displays all Cisco routers and switches restart activities to detect unusual activities. Displays AIX audit events related to creation and deletion of system-level objects. Displays DB2 database events related to creation and deletion of system-level objects. Displays HP-UX audit events related to creation and deletion of system-level objects. Displays all Windows events related to creation and deletion of system-level objects. Displays Oracle database events related to creation and deletion of system-level objects. Displays Solaris BSM events related to creation and deletion of system-level objects. Displays Microsoft SQL Server events related to creation and deletion of system-level objects. 93 COBIT: DB2 Database Backup Failed Displays all IBM DB2 Database Server backup failures. COBIT: DB2 Database Configuration Displays DB2 database configuration changes. 94 Changes 95 COBIT: DB2 Database Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 96 COBIT: DB2 Database Logins Displays DB2 database logins. 97 COBIT: DB2 Database Restore Failed Displays all IBM DB2 Database restore failure events. 10 SOX and COBIT Compliance Suite Quick Start Guide

11 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 98 COBIT: DB2 Database Stop and Start Events 99 COBIT: DB2 Database User Additions and Deletions Displays DB2 database events related to starting and stopping the database. Displays IBM DB2 Database events related to creation and deletion of database users. COBIT: Decru DataFort Cryptographic Key Displays events related to cryptographic key handling. 100 Events 101 COBIT: Decru DataFort Zeroization Events Displays events related to Decru DataFort zeroization COBIT: Denied Connections by IP Addresses - Check Point COBIT: Denied Connections by IP Addresses - Cisco ASA COBIT: Denied Connections by IP Addresses - Cisco FWSM COBIT: Denied Connections by IP Addresses - Cisco PIX COBIT: Denied Connections by IP Addresses - Nortel Displays remote IP addresses with the most denied connections from Check Point. Displays remote IP addresses with the most denied connections from Cisco ASA. Displays remote IP addresses with the most denied connections from Cisco FWSM. Displays remote IP addresses with the most denied connections from Cisco PIX. Displays remote IP addresses with the most denied connections from Nortel. 107 COBIT: Denied Connections - Cisco IOS Displays all connections that have been denied by the Cisco IOS devices. 108 COBIT: Denied Connections - Cisco NXOS 109 COBIT: Denied Connections - Cisco Router COBIT: Denied Connections - Cisco Sidewinder COBIT: Denied Connections - Cisco VMware vshield COBIT: Denied Inbound Connections - Cisco ASA COBIT: Denied Inbound Connections - Cisco FWSM COBIT: Denied Inbound Connections - Cisco PIX COBIT: Denied Inbound Connections - Check Point COBIT: Denied Inbound Connections - Juniper Firewall COBIT: Denied Outbound Connections - Cisco ASA COBIT: Denied Outbound Connections - Cisco FWSM COBIT: Denied Outbound Connections - Check Point COBIT: Denied Outbound Connections - Cisco PIX COBIT: Denied Connections - F5 BIG-IP TMOS Displays all connections that have been denied by the Cisco NXOS devices. Displays all connections that have been denied by the Cisco Router devices. Displays the applications that have been denied access the most by the Sidewinder to review access violations. Displays all connections that have been denied by the VMware vshield devices. Displays all inbound connections that have been denied by the Cisco ASA devices. Displays all inbound connections that have been denied by the Cisco FWSM devices. Displays all inbound connections that have been denied by the Cisco PIX devices. Displays all inbound connections that have been denied by the Check Point devices. Displays all inbound connections that have been denied by the Juniper Firewalls. Displays all outbound connections that have been denied by the Cisco ASA devices. Displays all outbound connections that have been denied by the Cisco FWSM. Displays all outbound connections that have been denied by the Check Point. Displays all outbound connections that have been denied by the Cisco PIX devices. Displays all connections that have been denied by the F5 BIG-IP TMOS device. SOX and COBIT Compliance Suite Quick Start Guide 11

12 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description COBIT: Denied Outbound Connections - Juniper Firewall COBIT: Denied VPN Connections - RADIUS COBIT: Domain activities on Symantec Endpoint Protection COBIT: DHCP Granted/Renewed Activities on Microsoft DHCP Displays all outbound connections that have been denied by the Juniper Firewalls. Displays all users denied access to the internal network by the RADIUS VPN. Display all domain activities on Symantec Endpoint Protection. Displays all DHCP Granted/Renewed activities on Microsoft DHCP Server. COBIT: DHCP Granted/Renewed Displays all DHCP Granted/Renewed activities on VMware vshield Edge 126 Activities on VMware vshield 127 COBIT: DNS Server Error Displays all events when DNS Server has errors COBIT: Domains Sending the Most - Exchange 2000/2003 COBIT: Recipients Receiving the Most s by Count - Exchange 2000/ 2003 COBIT: Recipients Receiving the Most s by Count - Exchange 2007/10 COBIT: Recipients Receiving the Most s by Size - Exchange 2000/2003 COBIT: Senders Sending the Most s by Count - Exchange 2000/2003 COBIT: Senders Sending the Most s by Count - Exchange 2007/10 COBIT: Senders Sending the Most s by Size - Exchange 2000/2003 COBIT: Senders Sending the Most s by Size - Exchange 2007/10 COBIT: Source IP Sending To Most Recipients COBIT: Escalated Privilege Activities on Servers COBIT: Escalated Privilege Activities on SOX Servers 139 COBIT: ESX Accounts Activities 140 COBIT: ESX Accounts Created Displays the top domains sending . Displays the recipients who receiving the most s by count. Displays the recipients who receiving the most s by count. Displays the recipients who received the most s by mail size. Displays the senders who sent the most s by count. Displays the senders who sent the most s by count. Displays the senders who sent the most s by mail size. Displays the senders who sent the most s by mail size. Displays IP addresses that are sending to the most recipients using Exchange 2007/10. Displays all privilege escalation activities performed on servers to ensure appropriate access. Displays all privilege escalation activities performed on servers to ensure appropriate access. Displays all accounts activities on VMware ESX servers to ensure authorized and appropriate access. Displays all accounts created on VMware ESX servers to ensure authorized and appropriate access. 141 COBIT: ESX Accounts Deleted Displays all accounts deleted on VMware ESX servers to ensure authorized and appropriate access. 142 COBIT: ESX Failed Logins Failed VMware ESX logins for known user. Displays all group activities on VMware ESX servers to ensure authorized 143 COBIT: ESX Group Activities and appropriate access. 144 COBIT: ESX Kernel log daemon terminating Displays all VMware ESX Kernel log daemon terminating. 145 COBIT: ESX Kernel logging Stop Displays all VMware ESX Kernel logging stops. 12 SOX and COBIT Compliance Suite Quick Start Guide

13 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 146 COBIT: ESX Logins Failed Unknown User Failed VMware ESX logins for unknown user. 147 COBIT: ESX Logins Succeeded Displays successful logins to VMware ESX to ensure only authorized personnel have access. 148 COBIT: ESX Syslogd Restart Displays all VMware ESX syslogd restarts. 149 COBIT: F5 BIG-IP TMOS Login Failed Displays all F5 BIG-IP TMOS Login events which have failed. 150 COBIT: F5 BIG-IP TMOS Login Successful Displays all F5 BIG-IP TMOS Login events which have succeeded. 151 COBIT: F5 BIG-IP TMOS Password Changes Displays all password change activities on F5 BIG-IP TMOS to ensure authorized and appropriate access. 152 COBIT: F5 BIG-IP TMOS Restarted Displays all events when the F5 BIG-IP TMOS has been restarted. 153 COBIT: Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 154 COBIT: Failed Windows Events Summary Displays summary of all failed access-related Windows events. 155 COBIT: Files Accessed on NetApp Filer Audit Displays all files accessed on NetApp Filer Audit to ensure appropriate access. 156 COBIT: Files Accessed on Servers Displays all files accessed on servers to ensure appropriate access. 157 COBIT: Files Accessed through Juniper SSL VPN (Secure Access) 158 COBIT: Files Downloaded via Proxy 159 COBIT: Files Downloaded via Proxy - Microsoft IIS 160 COBIT: Files Downloaded via the Web COBIT: Files Downloaded via the Web - F5 BIG-IP TMOS COBIT: Files Downloaded via the Web - Microsoft IIS 163 COBIT: Files Uploaded via Proxy 164 COBIT: Files Uploaded via Proxy - Microsoft IIS 165 COBIT: Files Uploaded via the Web COBIT: Files Uploaded via the Web - F5 BIG-IP TMOS COBIT: Files Uploaded via the Web - Microsoft IIS Displays all files accessed through Juniper SSL VPN (Secure Access). Displays all proxy-based downloads ensure authorized and appropriate access. Displays all proxy-based downloads to ensure authorized and appropriate access on Microsoft IIS. Displays all web-based downloads ensure authorized and appropriate access. Displays all web-based downloads ensure authorized and appropriate access on F5 BIG-IP TMOS. Displays all web-based downloads ensure authorized and appropriate access on Microsoft IIS. Displays all proxy-based uploads to ensure only authorized data can be uploaded. Displays all proxy-based uploads to ensure only authorized data can be uploaded on Microsoft IIS. Displays all web-based uploads to ensure only authorized data can be uploaded. Displays all web-based uploads to ensure only authorized data can be uploaded on F5 BIG-IP TMOS. Displays all web-based uploads to ensure only authorized data can be uploaded on Microsoft IIS. 168 COBIT: FortiOS: Attacks by Event ID Displays FortiOS attacks by Event ID. 169 COBIT: FortiOS: Attacks by Threat Name Displays FortiOS attacks by threat name. 170 COBIT: FortiOS: Attacks Detected Displays attacks detected by FortiOS 171 COBIT: FortiOS DLP Attacks Detected Display all DLP attacks detected by FortiOS. 172 COBIT: Group Activities on NetApp Filer Audit Displays all group activities on NetApp Filer Audit to ensure authorized and appropriate access. SOX and COBIT Compliance Suite Quick Start Guide 13

14 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 173 COBIT: Group Activities on Symantec Endpoint Protection 174 COBIT: Group Activities on UNIX Servers 175 COBIT: Group Activities on Windows Servers 176 COBIT: Groups Created on UNIX Servers 177 COBIT: Groups Created on Windows Servers 178 COBIT: Groups Deleted on UNIX Servers COBIT: Groups Deleted on Windows Servers COBIT: Guardium SQL Guard Audit Configuration Changes Displays all group activities on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all group activities on UNIX servers to ensure authorized and appropriate access. Displays all group activities on Windows servers to ensure authorized and appropriate access. Displays all groups created on UNIX servers to ensure authorized and appropriate access. Displays all group creation activities on Windows servers to ensure appropriate access. Displays all groups deleted on UNIX servers to ensure authorized and appropriate access. Displays all group deletion activities on Windows servers to ensure appropriate access. Displays all configuration changes on the Guardium SQL Guard Audit database. 181 COBIT: Guardium SQL Guard Data Audit Displays all select statements made on Guardium SQL Audit Server. Access 182 COBIT: Guardium SQL Guard Audit Logins Displays all login attempts to the Guardium SQL Server Audit database. 183 COBIT: Guardium SQL Guard Audit Startup or Shutdown Displays all startup and shutdown events on Guardium SQL Audit Server. 184 COBIT: Guardium SQL Guard Displays all configuration changes on the Guardium SQL Guard database. Configuration Changes 185 COBIT: Guardium SQL Guard Data Access Displays all select statements made on Guardium SQL Server. 186 COBIT: Guardium SQL Guard Logins Displays all login attempts to the Guardium SQL Server database COBIT: Guardium SQL Guard Startup or Shutdown COBIT: i5/os Access Control List Modifications COBIT: i5/os Audit Configuration Changes 190 COBIT: i5/os DST Password Reset 191 COBIT: i5/os Internet Security Management Events Displays all startup and shutdown events on Guardium SQL Server. Displays i5/os events related to access control list modification. Displays all audit configuration changes on i5/os. Displays i5/os events related to the reset of the DST (Dedicated Service Tools) password. Displays i5/os events related to Internet Security Management (IPSec/ VPN). 192 COBIT: i5/os Key Ring File Events Displays i5/os key ring file events (cryptographic key management). 193 COBIT: i5/os Network Authentication Displays i5/os network authentication events. Events 194 COBIT: i5/os Object Access Displays i5/os events related to object access. 195 COBIT: i5/os Object Creation and Deletion Displays i5/os events related to object creation and deletion. 196 COBIT: i5/os Restore Events Displays i5/os events related to object, program, and profile restoration COBIT: i5/os Server Security User Information Actions COBIT: i5/os System Management Changes Displays i5/os events related to server security user information actions. Displays i5/os events related to system management changes. 14 SOX and COBIT Compliance Suite Quick Start Guide

15 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 199 COBIT: i5/os User Profile Creation, Modification, or Restoration Displays i5/os events related to user profile creation, modification or restoration. 200 COBIT: Juniper Firewall Escalated Privilege Displays events related to users having escalated privileges in the Juniper Firewall. 201 COBIT: Juniper Firewall Policy Changed Displays all configuration changes to the Juniper Firewall policies. 202 COBIT: Juniper Firewall Reset Accepted Displays events that indicate the Juniper Firewall has been reset to its factory default state. 203 COBIT: Juniper Firewall Reset Imminent Displays events that indicate the Juniper Firewall will be reset to its factory default state. 204 COBIT: Juniper Firewall Restarted Displays all Juniper Firewall restart events. 205 COBIT: Juniper Firewall VPN Tunnel Status Change Displays events when the Juniper Firewall VPN Tunnel is setup or taken down. 206 COBIT: Juniper SSL VPN Successful Logins Displays successful connections through the Juniper SSL VPN COBIT: Juniper SSL VPN (Secure Access) Policy Changed COBIT: Juniper SSL VPN (Secure Access) Successful Logins COBIT: Last Activity Performed by Administrators COBIT: Last Activity Performed by All Users Displays all configuration changes to the Juniper SSL VPN (Secure Access) policies. Displays successful connections through the Juniper SSL VPN (Secure Access). Displays the latest activities performed by administrators and root users to ensure appropriate access. Displays the latest activities performed by all users to ensure appropriate access. 211 COBIT: Logins by Authentication Type Displays all logins categorized by the authentication type. 212 COBIT: LogLogic DSM Configuration Displays all configuration changes on the LogLogic DSM database. Changes 213 COBIT: LogLogic DSM Data Access Displays all select statements made on LogLogic DSM database. 214 COBIT: LogLogic DSM Logins Displays all login attempts to the LogLogic DSM database. 215 COBIT: LogLogic DSM Startup or Shutdown 216 COBIT: LogLogic File Retrieval Errors 217 COBIT: LogLogic Message Routing Errors COBIT: McAfee AntiVirus: Attacks by Event ID COBIT: McAfee AntiVirus: Attacks by Threat Name COBIT: McAfee AntiVirus: Attacks Detected COBIT: Microsoft Operations Manager - Failed Windows Events COBIT: Microsoft Operations Manager - Windows Account Activities COBIT: Microsoft Operations Manager - Windows Accounts Changed Displays all startup and shutdown events on LogLogic DSM database. Displays all errors while retrieving log files from devices, servers and applications. Displays all log forwarding errors on the LogLogic Appliance to ensure all logs are archived properly. McAfee AntiVirus attacks by Event ID. Displays McAfee AntiVirus attacks by threat name. McAfee AntiVirus attacks Detected. Displays summary of all failed access-related Windows events. Displays all accounts activities on Windows servers to ensure authorized and appropriate access. Displays all accounts changed on Windows servers to ensure authorized and appropriate access. SOX and COBIT Compliance Suite Quick Start Guide 15

16 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description COBIT: Microsoft Operations Manager - Windows Accounts Created COBIT: Microsoft Operations Manager - Windows Accounts Enabled COBIT: Microsoft Operations Manager - Windows Events by Users COBIT: Microsoft Operations Manager - Windows Events Summary COBIT: Microsoft Operations Manager - Windows Password Changes COBIT: Microsoft Operations Manager - Windows Permissions Modified COBIT: Microsoft Operations Manager - Windows Policies Modified COBIT: Microsoft Operations Manager - Windows Servers Restarted COBIT: Microsoft Sharepoint Content Deleted COBIT: Microsoft Sharepoint Content Updates COBIT: Microsoft Sharepoint Permissions Changed COBIT: Microsoft Sharepoint Policy Add, Remove, or Modify Displays all accounts created on Windows servers to ensure authorized and appropriate access. Displays all accounts enabled on Windows servers to ensure authorized and appropriate access. Displays a summary of access-related Windows events by source and target users. Displays a summary of access-related Windows events by count. Displays all password change activities on Windows servers to ensure authorized and appropriate access. Displays all permission modification activities on Windows servers to ensure authorized access. Displays all policy modification activities on Windows servers to ensure authorized and appropriate access. Displays all Windows server restart activities to detect unusual activities. Displays all events when content has been deleted from Microsoft Sharepoint. Displays all events when content is updated within Microsoft Sharepoint. Displays all delete and update events to Microsoft Sharepoint user/group permissions. Displays all events when a Microsoft Sharepoint policy is added, removed, or modified. 236 COBIT: Microsoft SQL Server Backup Failed Displays all Microsoft SQL Server backup failures. COBIT: Microsoft SQL Server Configuration Displays Microsoft SQL database configuration changes. 237 Changes 238 COBIT: Microsoft SQL Server Data Access Displays data access events on Microsoft SQL Server databases COBIT: Microsoft SQL Server Database Failed Logins COBIT: Microsoft SQL Server Database Logins COBIT: Microsoft SQL Server Database Permission Events COBIT: Microsoft SQL Server Database User Additions and Deletions COBIT: Microsoft SQL Server Password Changes Displays failed Microsoft SQL Server database logins. Displays logins to Microsoft SQL Server databases. Displays events related to Microsoft SQL Server database permission modifications. Displays Microsoft SQL Server events related to creation and deletion of database users. Displays password changes for Microsoft SQL Server database accounts. 244 COBIT: Microsoft SQL Server Restore Failed Displays all Microsoft SQL Server restore failure events COBIT: Microsoft SQL Server Schema Corruption COBIT: Microsoft SQL Server Shutdown by Reason COBIT: Most Active Senders - Exchange 2000/2003 Displays all schema corruption events on Microsoft SQL Server databases. Displays all Microsoft SQL Server shutdown events by reason. Displays the most active senders based on activity. 16 SOX and COBIT Compliance Suite Quick Start Guide

17 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description COBIT: Most Active Ports Through Firewall - Check Point COBIT: Most Active Ports Through Firewall - Cisco ASA COBIT: Most Active Ports Through Firewall - Cisco FWSM COBIT: Most Active Ports Through Firewall - Cisco PIX COBIT: Most Active Ports Through Firewall - Fortinet COBIT: Most Active Ports Through Firewall - Juniper Firewall COBIT: Most Active Ports Through Firewall - Nortel COBIT: Most Used Mail Commands - Exchange 2000/2003 Displays the most active ports used through the Check Point firewall. Displays the most active ports used through the Cisco ASA firewall. Displays the most active ports used through the Cisco FWSM firewall. Displays the most active ports used through the Cisco PIX firewall. Displays the most active ports used through the Fortinet firewall. Displays the most active ports used through the Juniper firewall. Displays the most active ports used through the Nortel firewall. Displays the most used protocol commands on Microsoft Exchange servers. 256 COBIT: NetApp Filer Audit Logs Cleared Displays all audit logs clearing activities on NetApp Filer Audit to detect access violations or unusual activity. 257 COBIT: NetApp Filer Audit Login Failed Displays all NetApp Filer Audit Login events which have failed COBIT: NetApp Filer Audit Login Successful COBIT: NetApp Filer Audit Policies Modified Displays all NetApp Filer Audit Login events which have succeeded. Displays all policy modification activities on NetApp Filer Audit to ensure authorized and appropriate access. 260 COBIT: NetApp Filer Snapshot Error Displays all backup errors that have occurred on the NetApp Filer servers. 261 COBIT: NetApp Filer File activity Display all file activities on NetApp Filer. 262 COBIT: NetApp Filer Login Failed Displays all NetApp Filer Login events which have failed. 263 COBIT: NetApp Filer Login Successful Displays all NetApp Filer Login events which have succeeded. 264 COBIT: NetApp Filer Password Changes COBIT: Network Traffic per Rule - Check Point COBIT: Network Traffic per Rule - Juniper Firewall 267 COBIT: Network Traffic per Rule - Nortel Displays all password change activities on NetApp Filer to ensure authorized and appropriate access. Displays all network traffic flowing through each rule in a network policy to ensure appropriate access. Displays all network traffic flowing through each rule in a network policy to ensure appropriate access. Displays all network traffic flowing through each rule in a network policy to ensure appropriate access. 268 COBIT: Oracle Database Configuration Displays Oracle database configuration changes. Changes 269 COBIT: Oracle Database Data Access Displays data access events on Oracle databases. 270 COBIT: Oracle Database Failed Logins Displays all failed login attempts to the Oracle database. 271 COBIT: Oracle Database Logins Displays Oracle database logins. 272 COBIT: Oracle Database Permission Events Displays events related to Oracle Server database role and privilege management. 273 COBIT: Oracle Database Shutdown Displays Oracle database events related to shutting down the server. SOX and COBIT Compliance Suite Quick Start Guide 17

18 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 274 COBIT: Oracle Database User Additions and Deletions Displays Oracle database events related to creation and deletion of database users. 275 COBIT: PANOS: Attacks by Event ID Displays Palo Alto Networks attacks by Event ID. 276 COBIT: PANOS: Attacks by Threat Name Displays Palo Alto Networks attacks by threat name. 277 COBIT: PANOS: Attacks Detected Displays attacks detected by Palo Alto Networks. 278 COBIT: Password Changes on Windows Servers 279 COBIT: Peer Servers and Status 280 COBIT: Peer Servers and Status - Microsoft IIS 281 COBIT: Periodic Review of Log Reports COBIT: Periodic Review of User Access Logs COBIT: Permissions Modified on Windows Servers COBIT: Policies Modified on Windows Servers Displays all password change activities on Windows servers to ensure authorized and appropriate access. Displays all web servers providing data for cache servers and the status of requests. Displays all web servers providing data for cache servers and the status of requests on Microsoft IIS. Displays all review activities performed by administrators to ensure review for any access violations. Displays all review activities performed by administrators to ensure review for any access violations. Displays all permission modification activities on Windows Servers to ensure authorized access. Displays all policy modification activities on Windows servers to ensure authorized and appropriate access. 285 COBIT: Ports Allowed Access - Check Point Displays all connections passed through the Check Point by port. 286 COBIT: Ports Allowed Access - Cisco ASA Displays all connections passed through the Cisco ASA by port. 287 COBIT: Ports Allowed Access - Cisco IOS Displays all connections passed through the Cisco IOS by port. 288 COBIT: Ports Allowed Access - Cisco FWSM Displays all connections passed through the Cisco FWSM by port. COBIT: Ports Allowed Access - Cisco Displays all ports allowed access through Cisco Netflow. 289 Netflow 290 COBIT: Ports Allowed Access - Cisco PIX Displays all connections passed through the Cisco PIX by port. 291 COBIT: Ports Allowed Access - F5 BIG-IP TMOS Displays all connections passed through the F5 BIG-IP TMOS by port. 292 COBIT: Ports Allowed Access - Fortinet Displays all connections passed through the Fortinet by port COBIT: Ports Allowed Access - Juniper Firewall COBIT: Ports Allowed Access - Juniper JunOS Displays all connections passed through the Juniper Firewall by port. Displays all connections passed through the Juniper JunOS by port. 295 COBIT: Ports Allowed Access - Juniper RT Displays all connections passed through the Juniper RT Flow by port. Flow 296 COBIT: Ports Allowed Access - Nortel Displays all connections passed through the Nortel by port. 297 COBIT: Ports Allowed Access - PANOS Displays all connections passed through the Palo Alto Networks by port. 298 COBIT: Ports Allowed Access - VMware vshield 299 COBIT: Ports Denied Access - Check Point 300 COBIT: Ports Denied Access- Cisco ASA Displays all ports allowed access through VMware vshield. Displays the ports that have been denied access the most by the Check Point to review access violations. Displays the ports that have been denied access the most by the Cisco ASA to review access violations. 18 SOX and COBIT Compliance Suite Quick Start Guide

19 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description 301 COBIT: Ports Denied Access- Cisco FWSM 302 COBIT: Ports Denied Access - Cisco IOS 303 COBIT: Ports Denied Access- Cisco PIX 304 COBIT: Ports Denied Access - Cisco Router 305 COBIT: Ports Denied Access - F5 BIG-IP TMOS 306 COBIT: Ports Denied Access - Fortinet COBIT: Ports Denied Access - Juniper Firewall COBIT: Ports Denied Access - Juniper JunOS COBIT: Ports Denied Access - Juniper RT Flow 310 COBIT: Ports Denied Access - Nortel 311 COBIT: Ports Denied Access - PANOS 312 COBIT: Ports Denied Access - VMware vshield 313 COBIT: RACF Accounts Created Displays the ports that have been denied access the most by the Cisco FWSM to review access violations. Displays the ports that have been denied access the most by the Cisco IOS to review access violations. Displays the ports that have been denied access the most by the Cisco PIX to review access violations. Displays the ports that have been denied access the most by the Cisco Router to review access violations. Displays the ports that have been denied access the most by the F5 BIG-IP TMOS to review access violations. Displays the ports that have been denied access the most by the Fortinet to review access violations. Displays the ports that have been denied access the most by the Juniper Firewall to review access violations. Displays the applications that have been denied access the most by the Juniper JunOS. Displays the ports that have been denied access the most by the Juniper RT Flow to review access violations. Displays the ports that have been denied access the most by the Nortel to review access violations. Displays the ports that have been denied access the most by the Palo Alto Networks to review access violations. Displays the ports that have been denied access the most by the VMware vshield to review access violations. Displays all accounts created on RACF servers to ensure authorized and appropriate access. 314 COBIT: RACF Accounts Deleted Displays all accounts deleted on RACF servers to ensure authorized and appropriate access. 315 COBIT: RACF Accounts Modified Displays all events when a network user profile has been modified. 316 COBIT: RACF Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 317 COBIT: RACF Files Accessed Displays all files accessed on RACF servers to ensure appropriate access. 318 COBIT: RACF Password Changed Displays all password change activities on RACF servers to ensure authorized and appropriate access. 319 COBIT: RACF Permissions Changed Displays all permission modification activities on RACF to ensure authorized access. 320 COBIT: RACF Process Started Displays all processes started on the RACF servers. 321 COBIT: RACF Successful Logins 322 COBIT: Recipient Domains Experiencing Delay - Exchange 2000/ COBIT: Root Logins Displays root logins. Displays successful logins to ensure only authorized personnel have access. Displays the recipient domains that have experienced the most delivery delays. COBIT: Sender and Recipients Exchanging Displays the top sender and recipient combinations. 324 the Most s - Exchange 2000/ COBIT: Sensors Generating Alerts Displays the IDS sensors that generated the most alerts. SOX and COBIT Compliance Suite Quick Start Guide 19

20 LogLogic Custom Reports and Alerts for COBIT 4.1 and Sarbanes-Oxley : LogLogic Reports for COBIT 4.1 and Sarbanes-Oxley # LogLogic Report Description COBIT: Sensors Generating Alerts - Cisco IOS COBIT: Sensors Generating Alerts - ISS SiteProtector Displays the sensors generating alerts on Cisco IOS. Displays the IDS sensors that generated the most alerts by ISS SiteProtector. 328 COBIT: Sensors Generating Alerts - SiteProtector Displays the IDS sensors that generated the most alerts by SiteProtector. 329 COBIT: Servers Under Attack Displays all servers under attack. 330 COBIT: Servers Under Attack - Cisco IOS Displays all servers under attack through Cisco IOS COBIT: Servers Under Attack - ISS SiteProtector COBIT: Servers Under Attack - SiteProtector Displays all servers under attack by ISS SiteProtector. Displays all servers under attack by SiteProtector. 333 COBIT: Source IP Sending To Most Displays IP addresses that are sending to the most recipients. Recipients - Exchange 2000/ COBIT: Source of Attacks Displays the sources that have initiated the most attacks. 335 COBIT: Source of Attacks - Cisco IOS Displays all sources of attacks against Cisco IOS. 336 COBIT: Source of Attacks - ISS SiteProtector Displays the sources that have initiated the most attacks by ISS SiteProtector. 337 COBIT: Source of Attacks - SiteProtector Displays the sources that have initiated the most attacks by SiteProtector. 338 COBIT: Successful Logins 339 COBIT: Sybase ASE Database Backup and Restoration Displays successful logins to ensure only authorized personnel have access. Displays Sybase ASE DUMP and LOAD events. 340 COBIT: Sybase ASE Database Configuration Displays configuration changes to the Sybase database. Changes 341 COBIT: Sybase ASE Database Create Events Displays Sybase ASE events involving the CREATE statement. 342 COBIT: Sybase ASE Database Data Access Displays Sybase ASE events involving the SELECT statement. 343 COBIT: Sybase ASE Database Drop Events Displays Sybase ASE events involving the DROP statement COBIT: Sybase ASE Database Startup or Shutdown COBIT: Sybase ASE Database User Additions and Deletions Displays all startup and shutdown events for the Sybase database. Displays Sybase database events related to creation and deletion of database users. 346 COBIT: Sybase ASE Failed Logins Displays failed Sybase ASE database logins. 347 COBIT: Sybase ASE Successful Logins Displays successful Sybase ASE database logins. 348 COBIT: Symantec AntiVirus: Attacks by Threat Name Displays Symantec AntiVirus attacks by threat name. 349 COBIT: Symantec AntiVirus: Attacks Displays attacks detected by Symantec AntiVirus. Detected 350 COBIT: Symantec AntiVirus: Scans Displays scans using Symantec AntiVirus. 351 COBIT: Symantec AntiVirus: Updated Displays updates to Symantec AntiVirus COBIT: Symantec Endpoint Protection: Attacks by Threat Name COBIT: Symantec Endpoint Protection: Attacks Detected Displays Symantec Endpoint Protection attacks by threat name. Attacks Detected by Symantec Endpoint Protection. 20 SOX and COBIT Compliance Suite Quick Start Guide