TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

Transcription

1 TIBCO LogLogic HIPAA Compliance Suite Quick Start Guide Software Release: December 2012 Two-Second Advantage

2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, Two-Second Advantage and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. and/or subsidiaries of TIBCO Software Inc. in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. PLEASE SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

3 CONTENTS Contents Preface: About This Guide Technical Support Information Documentation Support Information Contact Information Conventions Chapter 1: for HIPAA LogLogic Reports for HIPAA LogLogic Alerts for HIPAA Quick Reference

4 CONTENTS 4

5 PREFACE: About This Guide The LogLogic HIPAA Compliance Suite Quick Start Guide provides information regarding the LogLogic s Health Insurance Portability and Accountability (HIPAA) compliance reports, alerts, and using log data collected and aggregated from all types of source systems to monitor and report on HIPAA compliance. Technical Support Information LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Compliance Suites. To reach the LogLogic Support team by telephone: Toll Free LOGS Local EMEA support@loglogic.com Support Website: When contacting LogLogic Support, be prepared to provide the following information: Your name, address, phone number, and fax number Your company name and company address Your appliance model and release version Serial number located on the back of the Appliance or the eth0 MAC address A description of the problem and the content of pertinent error messages (if any) HIPAA Compliance Suite Quick Start Guide 5

6 About This Guide : Documentation Support Information Documentation Support Information Conventions The LogLogic documentation includes Portable Document Format (PDF) files. To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at Contact Information Your feedback on the LogLogic documentation is important to us. If you have questions or comments, send to DocComments@loglogic.com. In your message, please indicate the software name and version you are using, as well as the title and document release date of your documentation. Your comments will be reviewed and addressed by the LogLogic Technical Publications team. The LogLogic documentation uses the following conventions to distinguish text and information that might require special attention. Caution: Highlights important situations that could potentially damage data or cause system failure. IMPORTANT! Highlights key considerations to keep in mind. Note: Provides additional information that is useful but not always essential or highlights guidelines and helpful hints. This guide also uses the following typographic conventions to highlight code and command line elements: Monospace is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as file names, directories, paths, and URLs). Monospace bold is used to distinguish system prompts or screen output from user responses, as in this example: username: system home directory: home\app Monospace italic is used for placeholders, which are general names that you replace with names specific to your site, as in this example: LogLogic_home_directory\upgrade\ Straight brackets signal options in command line syntax. ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path...] 6 HIPAA Compliance Suite GuidebookHIPAA Compliance

7 CHAPTER 1: for HIPAA This chapter provides a detailed listing of all HIPAA specifications with their corresponding LogLogic compliance suite reports and/or alerts. LogLogic Reports for HIPAA LogLogic Alerts for HIPAA Quick Reference LogLogic Reports for HIPAA The following table lists the reports included in the LogLogic Compliance Suite: HIPAA Edition. # LogLogic Report 1 HIPAA: Accepted VPN Connections - RADIUS 2 HIPAA: Account Activities on UNIX Servers 3 HIPAA: Account Activities on Windows Servers 4 HIPAA: Accounts Changed on NetApp Filer Displays all users connected to the internal network through the RADIUS VPN. Displays all account activities on UNIX servers to ensure authorized and appropriate access. Displays all account activities on Windows servers to ensure authorized and appropriate access. Displays all accounts changed on NetApp Filer to ensure authorized and appropriate access. 5 HIPAA: Accounts Changed on Sidewinder Displays all accounts changed on Sidewinder to ensure authorized and appropriate access. 6 HIPAA: Accounts Changed on TIBCO Administrator Displays all accounts changed on TIBCO Administrator to ensure authorized and appropriate access. 7 HIPAA: Accounts Created on NetApp Filer Displays all accounts created on NetApp Filer to ensure authorized and appropriate access. 8 HIPAA: Accounts Created on NetApp Filer Audit Displays all accounts created on NetApp Filer Audit to ensure authorized and appropriate access. 9 HIPAA: Accounts Created on Sidewinder Displays all accounts created on Sidewinder to ensure authorized and appropriate access. 10 HIPAA: Accounts Created on Symantec Endpoint Protection 11 HIPAA: Accounts Created on TIBCO Administrator Displays all accounts created on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all accounts created on TIBCO Administrator to ensure authorized and appropriate access. 12 HIPAA: Accounts Created on UNIX Servers Displays all accounts created on UNIX servers to ensure authorized and appropriate access. 13 HIPAA: Accounts Created on Windows Servers Displays all accounts created on Windows servers to ensure authorized and appropriate access. 14 HIPAA: Accounts Deleted on NetApp Filer Displays all accounts deleted on NetApp Filer to ensure authorized and appropriate access. HIPAA Compliance Suite Quick Start Guide 7

8 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 15 HIPAA: Accounts Deleted on NetApp Filer Audit Displays all accounts deleted on NetApp Filer Audit to ensure authorized and appropriate access. 16 HIPAA: Accounts Deleted on Sidewinder Displays all accounts deleted on Sidewinder to ensure authorized and appropriate access. 17 HIPAA: Accounts Deleted on Symantec Endpoint Protection 18 HIPAA: Accounts Deleted on TIBCO Administrator Displays all accounts deleted on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all accounts deleted on TIBCO Administrator to ensure authorized and appropriate access. 19 HIPAA: Accounts Deleted on UNIX Servers Displays all accounts deleted on UNIX servers to ensure authorized and appropriate access. 20 HIPAA: Accounts Deleted on Windows Servers Displays all accounts deleted on Windows servers to ensure authorized and appropriate access. 21 HIPAA: Active Directory System Changes Displays changes made within Active Directory. 22 HIPAA: Administrators Activities on Servers Displays the latest activities performed by administrators and root users to ensure appropriate access. 23 HIPAA: Applications Under Attack Displays all applications under attack as well as the attack signatures. 24 HIPAA: Applications Under Attack - Cisco IOS 25 HIPAA: Applications Under Attack - ISS SiteProtector 26 HIPAA: Applications Under Attack - SiteProtector Displays all applications under attack as well as the attack signatures by Cisco IOS. Displays all applications under attack as well as the attack signatures by ISS SiteProtector. Displays all applications under attack as well as the attack signatures by SiteProtector. 27 HIPAA: Attacks Detected Displays all IDS attacks detected to servers and applications. 28 HIPAA: Attacks Detected - Cisco IOS Displays all IDS attacks detected to servers and applications by Cisco IOS. 29 HIPAA: Attacks Detected - ISS SiteProtector Displays all IDS attacks detected to servers and applications by ISS SiteProtector. 30 HIPAA: Attacks Detected - SiteProtector Displays all IDS attacks detected to servers and applications by SiteProtector. 31 HIPAA: Attack Origins Displays the sources that have initiated the most attacks. 32 HIPAA: Attack Origins - Cisco IOS Displays the sources that have initiated the most attacks by Cisco IOS. 33 HIPAA: Attack Origins - ISS SiteProtector Displays the sources that have initiated the most attacks by ISS SiteProtector. 34 HIPAA: Attack Origins - SiteProtector Displays the sources that have initiated the most attacks by SiteProtector. 35 HIPAA: Check Point Management Station Login 36 HIPAA: Check Point Management Station Logout Displays all login events to the Check Point management station. Displays all logoff events to the Check Point management station. 37 HIPAA: Check Point Object Activity Displays all creation, deletion, and modification of Check Point objects. 38 HIPAA: Check Point Configuration Changes Displays all Check Point audit events related to configuration changes. 39 HIPAA: Cisco ESA: Attacks by Event ID Displays Cisco ESA attacks by Event ID. 40 HIPAA: Cisco ESA: Attacks Detected Displays attacks detected by Cisco ESA. 41 HIPAA: Cisco ESA: Attacks by Threat Displays Cisco ESA attacks by threat name. Name 42 HIPAA: Cisco ESA: Scans Scans using Cisco ESA. 43 HIPAA: Cisco ESA: Updated Updates to Cisco ESA. 8 HIPAA Compliance Suite Quick Start Guide

9 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 44 HIPAA: Cisco ISE, ACS Accounts Created Displays all accounts created on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access. 45 HIPAA: Cisco ISE, ACS Accounts Removed Displays all accounts removed on Cisco ISE and Cisco SecureACS to ensure authorized and appropriate access. 46 HIPAA: Cisco ISE, ACS Configuration Changes Displays Cisco ISE and Cisco SecureACS configuration changes. 47 HIPAA: Cisco ISE, ACS Password Changes Displays all Cisco ISE, ACS Password Changes. 48 HIPAA: Cisco PIX, ASA, FWSM Failover Disabled 49 HIPAA: Cisco PIX, ASA, FWSM Failover Performed Displays all logs related to disabling Cisco PIX, ASA, and FWSM failover capability. Displays all logs related to performing a Cisco PIX, ASA, and FWSM failover. 50 HIPAA: Cisco PIX, ASA, FWSM Restarted Displays all Cisco PIX, ASA, and FWSM restart activities to detect unusual activities. 51 HIPAA: Cisco PIX, ASA, FWSM Routing Failure Displays all Cisco PIX, ASA, and FWSM routing error messages. 52 HIPAA: Cisco PIX, ASA, FWSM Policy Changed Displays all configuration changes made to the Cisco PIX, ASA, and FWSM devices. 53 HIPAA: Cisco Routers and Switches Restart Displays all Cisco routers and switches restart activities to detect unusual activities. 54 HIPAA: Cisco Switch Policy Changes Displays all configuration changes to the Cisco router and switch policies. 55 HIPAA: Creation and Deletion of System Level Objects: DB2 Database 56 HIPAA: Creation and Deletion of System Level Objects: Oracle 57 HIPAA: Creation and Deletion of System Level Objects: SQL Server 58 HIPAA: Creation and Deletion of System Level Objects: Windows 59 HIPAA: DB2 Database Configuration Changes Displays DB2 database events related to creation and deletion of system-level objects. Displays Oracle database events related to creation and deletion of system-level objects. Displays Microsoft SQL Server events related to creation and deletion of system-level objects. Displays all Windows events related to creation and deletion of system-level objects. Displays DB2 database configuration changes. 60 HIPAA: DB2 Database Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 61 HIPAA: DB2 Database Logins Displays DB2 database logins. 62 HIPAA: DB2 Database User Additions and Deletions 63 HIPAA: Denied VPN Connections - RADIUS 64 HIPAA: DHCP Granted/Renewed Activities on Microsoft DHCP 65 HIPAA: DHCP Granted/Renewed Activities on VMWare vshield Displays IBM DB2 Database events related to creation and deletion of database users. Displays all users denied access to the internal network by the RADIUS VPN. Displays all DHCP Granted/Renewed Activities on Microsoft DHCP Server. Displays all DHCP Granted/Renewed Activities on VMware vshield Edge. 66 HIPAA: DNS Server Error Displays all events when DNS Server has errors. 67 HIPAA: Escalated Privilege Activities on Servers Displays all privilege escalation activities performed on servers to ensure appropriate access. 68 HIPAA: ESX Accounts Activities Displays all accounts activities on VMWare ESX servers to ensure authorized and appropriate access. 69 HIPAA: ESX Accounts Created Displays all accounts created on VMWare ESX servers to ensure authorized and appropriate access. HIPAA Compliance Suite Quick Start Guide 9

10 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 70 HIPAA: ESX Accounts Deleted Displays all accounts deleted on VMWare ESX servers to ensure authorized and appropriate access. 71 HIPAA: ESX Failed Logins Failed VMWare ESX logins for known user. 72 HIPAA: ESX Group Activities Displays all group activities on VMWare ESX servers to ensure authorized and appropriate access. 73 HIPAA: ESX Kernel log daemon terminating Displays all VMWare ESX Kernel log daemon terminating. 74 HIPAA: ESX Kernel logging Stop Displays all VMWare ESX Kernel logging stops. 75 HIPAA: ESX Logins Failed Unknown User Failed VMWare ESX logins for unknown user. 76 HIPAA: ESX Logins Succeeded Displays successful logins to VMWare ESX to ensure only authorized personnel have access. 77 HIPAA: ESX Syslogd Restart Displays all VMWare ESX syslogd restarts. 78 HIPAA: F5 BIG-IP TMOS Login Failed Displays all F5 BIG-IP TMOS login events which have failed. 79 HIPAA: F5 BIG-IP TMOS Login Successful Displays all F5 BIG-IP TMOS login events which have succeeded. 80 HIPAA: F5 BIG-IP TMOS Password Changes Displays all password change activities on F5 BIG-IP TMOS to ensure authorized and appropriate access. 81 HIPAA: F5 BIG-IP TMOS Restarted Displays all events when the F5 BIG-IP TMOS has been restarted. 82 HIPAA: Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 83 HIPAA: Files Accessed on NetApp Filer Audit Displays all files accessed on NetApp Filer Audit to ensure appropriate access. 84 HIPAA: Files Accessed on Servers Displays all files accessed on servers to ensure appropriate access. 85 HIPAA: Files Accessed through Juniper SSL Displays all files accessed through Juniper SSL VPN (Secure Access). VPN (Secure Access) 86 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Check Point firewall. Check Point 87 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco ASA firewall. Cisco ASA 88 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco FWSM firewall. Cisco FWSM 89 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco IOS firewall. Cisco IOS 90 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco Netflow. Cisco Netflow 91 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco NXOS device. Cisco NXOS 92 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Cisco PIX firewall. Cisco PIX 93 HIPAA: Firewall Connections Accepted - F5 Displays all traffic passing through the F5 BIG-IP TMOS device. BIG-IP TMOS 94 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Fortinet firewall. Fortinet 95 HIPAA: Firewall Connections Accepted - Displays all traffic passing through the Juniper Firewall. Juniper Firewall 96 HIPAA: Firewall Connections Accepted - Juniper JunOS Displays all traffic passing through the Juniper JunOS firewall. 10 HIPAA Compliance Suite Quick Start Guide

11 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 97 HIPAA: Firewall Connections Accepted - Juniper RT Flow 98 HIPAA: Firewall Connections Accepted - Nortel 99 HIPAA: Firewall Connections Accepted - PANOS 100 HIPAA: Firewall Connections Accepted - Sidewinder 101 HIPAA: Firewall Connections Accepted -VMWare vshield 102 HIPAA: Firewall Connections Denied - Check Point 103 HIPAA: Firewall Connections Denied - Cisco ASA 104 HIPAA: Firewall Connections Denied - Cisco FWSM 105 HIPAA: Firewall Connections Denied - Cisco IOS 106 HIPAA: Firewall Connections Denied - Cisco NXOS 107 HIPAA: Firewall Connections Denied - Cisco PIX 108 HIPAA: Firewall Connections Denied - Cisco Router 109 HIPAA: Firewall Connections Denied - F5 BIG-IP TMOS 110 HIPAA: Firewall Connections Denied - Fortinet 111 HIPAA: Firewall Connections Denied - Juniper Firewall 112 HIPAA: Firewall Connections Denied - Juniper JunOS 113 HIPAA: Firewall Connections Denied - Juniper RT Flow 114 HIPAA: Firewall Connections Denied - Nortel 115 HIPAA: Firewall Connections Denied - PANOS 116 HIPAA: Firewall Connections Denied - Sidewinder 117 HIPAA: Firewall Connections Denied - VMware vshield 118 HIPAA: Firewall Traffic Considered Risky - Check Point 119 HIPAA: Firewall Traffic Considered Risky - Cisco ASA 120 HIPAA: Firewall Traffic Considered Risky - Cisco FWSM Displays all traffic passing through the Juniper RT Flow. Displays all traffic passing through the Nortel firewall. Displays all traffic passing through the Palo Alto Networks firewall. Displays all traffic passing through the Sidewinder firewall. Displays all traffic passing through the VMware vshield device. Displays the applications that have been denied access the most by the Check Point devices. Displays the applications that have been denied access the most by the Cisco ASA devices. Displays the applications that have been denied access the most by the Cisco FWSM devices. Displays the applications that have been denied access the most by the Cisco IOS. Displays the applications that have been denied access the most by the Cisco NXOS devices. Displays the applications that have been denied access the most by the Cisco PIX devices. Displays the applications that have been denied access the most by the Cisco Router. Displays the applications that have been denied access the most by the F5 BIG-IP TMOS. Displays the applications that have been denied access the most by the Fortinet devices. Displays the applications that have been denied access the most by the Juniper Firewalls. Displays the applications that have been denied access the most by the Juniper JunOS. Displays the applications that have been denied access the most by the Juniper RT Flow. Displays the applications that have been denied access the most by the Nortel devices. Displays the applications that have been denied access the most by the Palo Alto Networks devices. Displays the applications that have been denied access the most by the Sidewinder. Displays the applications that have been denied access the most by the VMware vshield. Displays Check Point allowed firewall traffic that is considered risky. Displays Cisco ASA allowed firewall traffic that is considered risky. Displays Cisco FWSM allowed firewall traffic that is considered risky. HIPAA Compliance Suite Quick Start Guide 11

12 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 121 HIPAA: Firewall Traffic Considered Risky - Cisco IOS 122 HIPAA: Firewall Traffic Considered Risky - Cisco Netflow 123 HIPAA: Firewall Traffic Considered Risky - Cisco PIX 124 HIPAA: Firewall Traffic Considered Risky - F5 BIG-IP TMOS 125 HIPAA: Firewall Traffic Considered Risky - Fortinet 126 HIPAA: Firewall Traffic Considered Risky - Juniper Firewall 127 HIPAA: Firewall Traffic Considered Risky - Juniper JunOS 128 HIPAA: Firewall Traffic Considered Risky - Juniper RT Flow 129 HIPAA: Firewall Traffic Considered Risky - Nortel 130 HIPAA: Firewall Traffic Considered Risky - PANOS 131 HIPAA: Firewall Traffic Considered Risky - Sidewinder 132 HIPAA: Firewall Traffic Considered Risky - VMware vshield Displays Cisco IOS allowed firewall traffic that is considered risky. Displays Cisco Netflow allowed firewall traffic that is considered risky. Displays Cisco PIX allowed firewall traffic that is considered risky. Displays F5 BIG-IP TMOS allowed firewall traffic that is considered risky. Displays Fortinet allowed firewall traffic that is considered risky. Displays Juniper Firewall allowed firewall traffic that is considered risky. Displays Juniper JunOS allowed firewall traffic that is considered risky. Displays Juniper RT Flow allowed firewall traffic that is considered risky. Displays Nortel allowed firewall traffic that is considered risky. Displays Palo Alto Networks allowed firewall traffic that is considered risky. Displays Sidewinder allowed firewall traffic that is considered risky. Displays VMware vshield Edge allowed firewall traffic that is considered risky. 133 HIPAA: FortiOS: Attacks by Event ID Displays FortiOS attacks by Event ID. 134 HIPAA: FortiOS: Attacks by Threat Name Displays FortiOS attacks by threat name. 135 HIPAA: FortiOS: Attacks Detected Displays attacks detected by FortiOS. 136 HIPAA: FortiOS DLP Attacks Detected Display all DLP attacks detected by FortiOS. 137 HIPAA: Group Activities on UNIX Servers Displays all group activities on UNIX servers to ensure authorized and appropriate access. 138 HIPAA: Group Activities on Windows Servers 139 HIPAA: Guardium SQL Guard Audit Configuration Changes 140 HIPAA: Guardium SQL Guard Audit Data Access 141 HIPAA: Guardium SQL Guard Audit Logins 142 HIPAA: Guardium SQL Guard Configuration Changes Displays all group activities on Windows servers to ensure authorized and appropriate access. Displays all configuration changes on the Guardium SQL Guard Audit database. Displays all select statements made on Guardium SQL Audit Server. Displays all login attempts to the Guardium SQL Server Audit database. Displays all configuration changes on the Guardium SQL Guard database. 143 HIPAA: Guardium SQL Guard Data Access Displays all select statements made on Guardium SQL Server. 144 HIPAA: Guardium SQL Guard Logins Displays all login attempts to the Guardium SQL Server database. 145 HIPAA: Group Activities on NetApp Filer Audit 146 HIPAA: Group Activities on Symantec Endpoint Protection Displays all group activities on NetApp Filer Audit to ensure authorized and appropriate access. Displays all group activities on Symantec Endpoint Protection to ensure authorized and appropriate access. 147 HIPAA: i5/os DST Password Reset Displays i5/os events related to the reset of the DST (Dedicated Service Tools) password. 148 HIPAA: i5/os Files Accessed Lists all events when a user gains access an i5/os file. 12 HIPAA Compliance Suite Quick Start Guide

13 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 149 HIPAA: i5/os Network User Login Failed Lists all events when a network user was denied access into the i5/os. 150 HIPAA: i5/os Network User Login Successful 151 HIPAA: i5/os Network User Profile Creation 152 HIPAA: i5/os Network User Profile Deletion 153 HIPAA: i5/os Network User Profile Modified 154 HIPAA: i5/os Object Permissions Modified Lists all events when a network user successfully logs into the i5/os. Displays i5/os events when a network user profile has been created. Displays i5/os events when a network user profile has been deleted. Displays i5/os events when a network user profile has been modified. Displays all permission modification activities on i5/os to ensure authorized access. 155 HIPAA: i5/os Restarted Lists all events when the i5/os has been restarted. 156 HIPAA: i5/os Service Started Lists all events when a user starts a service on the i5/os. 157 HIPAA: i5/os User Login Failed Lists all events when a user was denied access into the i5/os. 158 HIPAA: i5/os User Login Successful Lists all events when a user successfully logs into the i5/os. 159 HIPAA: i5/os User Profile Creation Displays i5/os events when a user profile has been created. 160 HIPAA: i5/os User Profile Modifications Displays i5/os events when a user profile has been modified. 161 HIPAA: Juniper Firewall HA State Changed Displays all Juniper Firewall fail-over state change events. 162 HIPAA: Juniper Firewall Policy Changed Displays all configuration changes to the Juniper Firewall policies. 163 HIPAA: Juniper Firewall Policy Out of Sync Displays events that indicate the Juniper Firewall's HA policies are out of sync. 164 HIPAA: Juniper Firewall Reset Accepted Displays events that indicate the Juniper Firewall has been reset to its factory default state. 165 HIPAA: Juniper Firewall Reset Imminent Displays events that indicate the Juniper Firewall will be reset to its factory default state. 166 HIPAA: Juniper SSL VPN (Secure Access) Policy Changed 167 HIPAA: Juniper SSL VPN (Secure Access) Successful Logins by IP 168 HIPAA: Juniper SSL VPN (Secure Access) Successful Logins by User 169 HIPAA: Juniper SSL VPN Successful Logins by IP 170 HIPAA: Juniper SSL VPN Successful Logins by User Displays all configuration changes to the Juniper SSL VPN (Secure Access) policies. Displays all successful Juniper SSL VPN (Secure Access) logins based on IP address. Displays all successful Juniper SSL VPN (Secure Access) logins based on user. Displays all successful Juniper SSL VPN logins based on IP address. Displays all successful Juniper SSL VPN logins based on user. 171 HIPAA: Logins by Authentication Type Displays all logins categorized by the authentication type. 172 HIPAA: LogLogic Disk Full Displays events that indicate the LogLogic appliance's disk is near full. 173 HIPAA: LogLogic DSM Configuration Displays all configuration changes on the LogLogic DSM database. Changes 174 HIPAA: LogLogic DSM Data Access Displays all select statements made on LogLogic DSM database. 175 HIPAA: LogLogic DSM Logins Displays all login attempts to the LogLogic DSM database. 176 HIPAA: LogLogic File Retrieval Errors Displays all errors while retrieving log files from devices, servers and applications. 177 HIPAA: LogLogic HA State Changed Displays all LogLogic appliance failover state change events. 178 HIPAA: LogLogic Message Routing Errors Displays all log forwarding errors on the LogLogic Appliance to ensure all logs are archived properly. HIPAA Compliance Suite Quick Start Guide 13

14 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 179 HIPAA: McAfee AntiVirus: Attacks by Event ID 180 HIPAA: McAfee AntiVirus: Attacks by Threat Name 181 HIPAA: McAfee AntiVirus: Attacks Detected 182 HIPAA: Microsoft Operations Manager - Windows Account Activities 183 HIPAA: Microsoft Operations Manager - Windows Accounts Created 184 HIPAA: Microsoft Operations Manager - Windows Accounts Enabled 185 HIPAA: Microsoft Operations Manager - Windows Password Changes 186 HIPAA: Microsoft Operations Manager - Windows Permissions Modified 187 HIPAA: Microsoft Operations Manager - Windows Policies Modified 188 HIPAA: Microsoft Operations Manager - Windows Servers Restarted 189 HIPAA: Microsoft Sharepoint Content Deleted 190 HIPAA: Microsoft Sharepoint Content Updates 191 HIPAA: Microsoft Sharepoint Permissions Changed 192 HIPAA: Microsoft Sharepoint Policy Add, Remove, or Modify 193 HIPAA: Microsoft SQL Server Configuration Changes Displays McAfee AntiVirus attacks by Event ID. Displays McAfee AntiVirus attacks by threat name. Displays attacks detected by McAfee AntiVirus. Displays all accounts activities on Windows servers to ensure authorized and appropriate access. Displays all accounts created on Windows servers to ensure authorized and appropriate access. Displays all accounts enabled on Windows servers to ensure authorized and appropriate access. Displays all password change activities on Windows servers to ensure authorized and appropriate access. Displays all permission modification activities on Windows servers to ensure authorized access. Displays all policy modification activities on Windows servers to ensure authorized and appropriate access. Displays all Windows server restart activities to detect unusual activities. Displays all events when content has been deleted from Microsoft Sharepoint. Displays all events when content is updated within Microsoft Sharepoint. Displays all delete and update events to Microsoft Sharepoint user/group permissions. Displays all events when a Microsoft Sharepoint policy is added, removed, or modified. Displays Microsoft SQL database configuration changes. 194 HIPAA: Microsoft SQL Server Data Access Displays data access events on Microsoft SQL Server databases. 195 HIPAA: Microsoft SQL Server Database Displays failed Microsoft SQL Server database logins. Failed Logins 196 HIPAA: Microsoft SQL Server Database Logins Displays logins to Microsoft SQL Server databases. 197 HIPAA: Microsoft SQL Server Database Permission Events 198 HIPAA: Microsoft SQL Server Database User Additions and Deletions 199 HIPAA: Microsoft SQL Server Password Changes 200 HIPAA: Most Active Ports Through Firewall - Check Point 201 HIPAA: Most Active Ports Through Firewall - Cisco ASA 202 HIPAA: Most Active Ports Through Firewall - Cisco FWSM Displays events related to Microsoft SQL Server database permission modifications. Displays Microsoft SQL Server events related to creation and deletion of database users. Displays password changes for Microsoft SQL Server database accounts. Displays the most active ports used through the Check Point firewall. Displays the most active ports used through the Cisco ASA firewall. Displays the most active ports used through the Cisco FWSM firewall. 14 HIPAA Compliance Suite Quick Start Guide

15 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 203 HIPAA: Most Active Ports Through Firewall - Cisco PIX 204 HIPAA: Most Active Ports Through Firewall - Fortinet 205 HIPAA: Most Active Ports Through Firewall - Juniper Firewall 206 HIPAA: Most Active Ports Through Firewall - Nortel Displays the most active ports used through the Cisco PIX firewall. Displays the most active ports used through the Fortinet firewall. Displays the most active ports used through the Juniper Firewall. Displays the most active ports used through the Nortel firewall. 207 HIPAA: NetApp Filer Audit Logs Cleared Displays all audit logs clearing activities on NetApp Filer Audit to detect access violations or unusual activity. 208 HIPAA: NetApp Filer Accounts Locked Displays all accounts locked out of NetApp Filer to detect access violations or unusual activities. 209 HIPAA: NetApp Filer Audit Login Failed Displays all NetApp Filer Audit login events which have failed. 210 HIPAA: NetApp Filer Audit Login Displays all NetApp Filer Audit login events which have succeeded. Successful 211 HIPAA: NetApp Filer Audit Policies Modified Displays all policy modification activities on NetApp Filer Audit to ensure authorized and appropriate access. 212 HIPAA: NetApp Filer File activity Display all file activities on NetApp Filer. 213 HIPAA: NetApp Filer Login Failed Displays all NetApp Filer login events which have failed. 214 HIPAA: NetApp Filer Login Successful Displays all NetApp Filer login events which have succeeded. 215 HIPAA: NetApp Filer Password Changes Displays all password change activities on NetApp Filer to ensure authorized and appropriate access. 216 HIPAA: NetApp Filer Snapshot Error Displays events that indicate backup on the NetApp Filer has failed. 217 HIPAA: Oracle Database Failed Logins Displays all failed login attempts to the Oracle database. 218 HIPAA: Oracle Database Configuration Displays Oracle database configuration changes. Changes 219 HIPAA: Oracle Database Data Access Displays data access events on Oracle databases. 220 HIPAA: Oracle Database Logins Displays Oracle database logins. 221 HIPAA: Oracle Database Permission Events Displays events related to Oracle Server database role and privilege management. 222 HIPAA: Oracle Database User Additions and Deletions Displays Oracle database events related to creation and deletion of database users. 223 HIPAA: PANOS: Attacks by Event ID Displays Palo Alto Networks attacks by Event ID. 224 HIPAA: PANOS: Attacks by Threat Name Displays Palo Alto Networks attacks by threat name. 225 HIPAA: PANOS: Attacks Detected Displays attacks detected by Palo Alto Networks. 226 HIPAA: Password Changes on Windows Servers Displays all password change activities on Windows servers to ensure authorized and appropriate access. 227 HIPAA: Periodic Review of Log Reports Displays all review activities performed by administrators to ensure review for any access violations. 228 HIPAA: Periodic Review of User Access Logs 229 HIPAA: Permissions Modified on Windows Servers 230 HIPAA: Policies Modified on Windows Servers Displays all review activities performed by administrators to ensure review for any access violations. Displays all permission modification activities on Windows servers to ensure authorized access. Displays all policy modification activities on Windows Servers to ensure authorized and appropriate access. 231 HIPAA: Proxy Access to Applications Displays all proxy-based access to applications to ensure appropriate and authorized access. HIPAA Compliance Suite Quick Start Guide 15

16 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 232 HIPAA: Proxy Access to Applications - Microsoft IIS Displays all proxy-based access to applications to ensure appropriate and authorized access on Microsoft IIS. 233 HIPAA: RACF Accounts Created Displays all accounts created on RACF servers to ensure authorized and appropriate access. 234 HIPAA: RACF Accounts Deleted Displays all accounts deleted on RACF servers to ensure authorized and appropriate access. 235 HIPAA: RACF Accounts Modified Displays all events when a network user profile has been modified. 236 HIPAA: RACF Failed Logins Displays all failed login attempts to review any access violations or unusual activity. 237 HIPAA: RACF Files Accessed Displays all files accessed on RACF servers to ensure appropriate access. 238 HIPAA: RACF Password Changed Displays all password change activities on RACF servers to ensure authorized and appropriate access. 239 HIPAA: RACF Permissions Changed Displays all permission modification activities on RACF to ensure authorized access. 240 HIPAA: RACF Process Started Displays all processes started on the RACF servers. 241 HIPAA: RACF Successful Logins Displays successful logins to ensure only authorized personnel have access. 242 HIPAA: Software Update Activities on Displays all events related to the system s software or patch update. Windows Servers 243 HIPAA: Software Update Failures on Windows Servers Displays all failed events related to the system s software or patch update. 244 HIPAA: Software Update Successes on Windows Servers 245 HIPAA: Software Update Successes on i5/ OS Displays all successful events related to the system s software or patch update. Displays all successful events related to the system's software or patch update. 246 HIPAA: Successful Logins Displays successful logins to ensure only authorized personnel have access. 247 HIPAA: Sybase ASE Database Displays configuration changes to the Sybase database. Configuration Changes 248 HIPAA: Sybase ASE Database Data Access Displays Sybase ASE events involving the SELECT statement. 249 HIPAA: Sybase ASE Database User Additions and Deletions Displays Sybase database events related to creation and deletion of database users. 250 HIPAA: Sybase ASE Failed Logins Displays failed Sybase ASE database logins. 251 HIPAA: Sybase ASE Successful Logins Displays successful Sybase ASE database logins. 252 HIPAA: Symantec AntiVirus: Attacks by Displays Symantec AntiVirus attacks by threat name. Threat Name 253 HIPAA: Symantec AntiVirus: Attacks Displays attacks detected by Symantec AntiVirus. Detected 254 HIPAA: Symantec AntiVirus: Scans Displays scans using Symantec AntiVirus. 255 HIPAA: Symantec AntiVirus: Updated Displays updates to Symantec AntiVirus. 256 HIPAA: Symantec Endpoint Protection: Displays Symantec Endpoint Protection attacks by threat name. Attacks by Threat Name 257 HIPAA: Symantec Endpoint Protection: Displays attacks detected by Symantec Endpoint Protection. Attacks Detected 258 HIPAA: Symantec Endpoint Protection Configuration Changes Displays Symantec Endpoint Protection configuration changes. 16 HIPAA Compliance Suite Quick Start Guide

17 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 259 HIPAA: Symantec Endpoint Protection Password Changes 260 HIPAA: Symantec Endpoint Protection Policy Add, Remove, or Modify 261 HIPAA: Symantec Endpoint Protection: Scans 262 HIPAA: Symantec Endpoint Protection: Updated Displays all password change activities on Symantec Endpoint Protection to ensure authorized and appropriate access. Displays all events when a Symantec Endpoint Protection policy is added, removed, or modified. Displays scans using Symantec Endpoint Protection. Displays updates to Symantec Endpoint Protection. 263 HIPAA: System Restarted Displays all logs related to system restarts. 264 HIPAA: TIBCO Administrator Password Changes 265 HIPAA: TIBCO Administrator Permission Changes 266 HIPAA: TrendMicro OfficeScan: Attacks Detected 267 HIPAA: TrendMicro OfficeScan: Attacks Detected by Threat Name 268 HIPAA: TrendMicro Control Manager: Attacks Detected 269 HIPAA: TrendMicro Control Manager: Attacks Detected by Threat Displays all password change activities on TIBCO Administrator to ensure authorized and appropriate access. Displays events related to TIBCO Administrator permission modifications. Displays attacks detected by TrendMicro OfficeScan. Displays attacks detected by TrendMicro OfficeScan by threat name. Displays attacks detected by TrendMicro Control Manager. Displays attacks detected by TrendMicro Control Manager by threat name. 270 HIPAA: Unauthorized Logins Displays all logins from unauthorized users to ensure appropriate access to data. 271 HIPAA: UNIX Failed Logins Failed UNIX logins for known and unknown users. 272 HIPAA: vcenter Change Attributes Modification of VMWare vcenter and VMWare ESX properties. 273 HIPAA: vcenter Data Move Entity has been moved within the VMWare vcenter infrastructure. 274 HIPAA: vcenter Datastore Events Displays create, modify, and delete datastore events on VMWare vcenter. 275 HIPAA: vcenter Failed Logins Failed logins to the VMWare vcenter console. 276 HIPAA: vcenter Modify Firewall Policy Displays changes to the VMWare ESX allowed services firewall policy. 277 HIPAA: vcenter Orchestrator Change Attributes Modification of VMware vcenter Orchestrator properties. 278 HIPAA: vcenter Orchestrator Datastore Events Displays create, modify, and delete datastore events on VMware vcenter Orchestrator. 279 HIPAA: vcenter Orchestrator Data Move Entity has been moved within the VMware vcenter Orchestrator infrastructure. 280 HIPAA: vcenter Orchestrator Failed Logins Display all failed logins for VMWare vcenter Orchestrator. 281 HIPAA: vcenter Orchestrator Virtual Virtual machine has been created from VMware vcenter Orchestrator Machine Created. 282 HIPAA: vcenter Orchestrator Virtual Machine Deleted Virtual machine has been deleted from VMware vcenter Orchestrator. 283 HIPAA: vcenter Orchestrator Virtual Machine Shutdown 284 HIPAA: vcenter Orchestrator Virtual Machine Started 285 HIPAA: vcenter Orchestrator vswitch Added, Changed or Removed Virtual machine has been shutdown or paused from VMware vcenter Orchestrator console. Virtual machine has been started or resumed from VMware vcenter Orchestrator console. vswitch has been added, modified or removed from VMware vcenter Orchestrator console. 286 HIPAA: vcenter Resource Usage Change Resources have changed on VMWare vcenter. HIPAA Compliance Suite Quick Start Guide 17

18 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 287 HIPAA: vcenter Restart ESX Services VMWare vcenter restarted services running on VMWare ESX Server. 288 HIPAA: vcenter Shutdown or Restart of ESX Server VMWare ESX Server is shutdown or restarted from VMWare vcenter console. 289 HIPAA: vcenter Successful Logins Successful logins to the VMWare vcenter console. 290 HIPAA: vcenter User Permission Change A permission role has been added, changed, removed, or applied to a user on VMWare vcenter server. 291 HIPAA: vcenter Virtual Machine Created Virtual machine has been created from VMWare vcenter console. 292 HIPAA: vcenter Virtual Machine Deleted Virtual machine has been deleted or removed from VMWare vcenter console. 293 HIPAA: vcenter Virtual Machine Shutdown Virtual machine has been shutdown or paused from VMWare vcenter console. 294 HIPAA: vcenter Virtual Machine Started Virtual machine has been started or resumed from VMWare vcenter console. 295 HIPAA: vcenter vswitch Changed or Removed vswitch on VMWare ESX server has been modified or removed from the VMWare vcenter console. 296 HIPAA: vcloud Failed Logins Failed logins to the VMWare vcloud Director console. 297 HIPAA: vcloud Organization Created Vmware vcloud Director organization created events. 298 HIPAA: vcloud Organization Deleted VMWare vcloud Director organization deleted events. 299 HIPAA: vcloud Organization Modified VMWare vcloud Director organization modified events. 300 HIPAA: vcloud Successful Logins Successful logins to the VMWare vcloud Director console. 301 HIPAA: vcloud User Created VMWare vcloud Director user created events. 302 HIPAA: vcloud User Deleted or Removed VMWare vcloud Director users have been deleted or removed from the system. 303 HIPAA: vcloud vapp Created, Modified, or Deleted VMWare vcloud Director vapp created, deleted, and modified events. 304 HIPAA: vcloud vdc Create, Modify, or Delete 305 HIPAA: vshield Edge Configuration Changes VMWare vcloud Director virtual datacenter created, modified, or deleted events. Displays changes to VMWare vshield Edge policies. 306 HIPAA: VPN Sessions by Source IPs Displays all VPN sessions categorized by source IP addresses. 307 HIPAA: VPN Users Accessing Corporate Network Displays all users logging into the corporate network via Virtual Private Network to ensure appropriate access. 308 HIPAA: Web Access to Applications Displays all web-based access to applications to ensure appropriate and authorized access. 309 HIPAA: Web Access to Applications - F5 BIG-IP TMOS 310 HIPAA: Web Access to Applications - Microsoft IIS Displays all web-based access to applications to ensure appropriate and authorized access on F5 BIG-IP TMOS. Displays all web-based access to applications to ensure appropriate and authorized access on Microsoft IIS. 311 HIPAA: Windows Accounts Enabled Displays all accounts enabled on Windows servers to ensure authorized and appropriate access. 312 HIPAA: Windows Accounts Locked Displays all accounts locked out of Windows servers to detect access violations or unusual activities. 313 HIPAA: Windows Audit Logs Cleared Displays all audit logs clearing activities on Windows servers to detect access violations or unusual activity. 18 HIPAA Compliance Suite Quick Start Guide

19 for HIPAA : LogLogic Reports for HIPAA # LogLogic Report 314 HIPAA: Windows New Services Installed Displays a list of new services installed on Windows Servers to ensure authorized access. 315 HIPAA: Windows Servers Restarted Displays all Windows server restart activities to detect unusual activities. HIPAA Compliance Suite Quick Start Guide 19

20 for HIPAA : LogLogic Alerts for HIPAA LogLogic Alerts for HIPAA The following table lists the alerts included in the LogLogic Compliance Suite: HIPAA Edition. # LogLogic Alert 1 HIPAA: Accounts Created Alert when a new account is created on servers. 2 HIPAA: Accounts Deleted Alert when an account is deleted on servers. 3 HIPAA: Accounts Enabled Alert when an account has been enabled on servers. 4 HIPAA: Accounts Locked Alert when an account has been locked on servers. 5 HIPAA: Accounts Modified Alert when an account is modified on servers. 6 HIPAA: Active Directory Changes Changes made within Active Directory. 7 HIPAA: Anomalous Firewall Traffic Alert when firewall traffic patterns is out of the norm. 8 HIPAA: Anomalous IDS Alerts Alert when IDS anomalies are above or below defined thresholds. 9 HIPAA: Anomalous Total Log Traffic Alert when log traffic volume is out of the norm compared to the baseline. 10 HIPAA: Check Point Policy Changes Alert when a Check Point firewall's policy has been modified. 11 HIPAA: Cisco ISE, ACS Configuration Changed Alert when configuration changes are made to the Cisco ISE or Cisco SecureACS. 12 HIPAA: Cisco ISE, ACS Passwords Changed Alert when configuration changes are made to the Cisco ISE or Cisco SecureACS. 13 HIPAA: Cisco PIX, ASA, FWSM Commands Executed 14 HIPAA: Cisco PIX, ASA, FWSM Failover Disabled 15 HIPAA: Cisco PIX, ASA, FWSM Failover Performed Alert when a Cisco PIX, ASA, and FWSM commands are executed. Alert when a Cisco, ASA, FWSM HA configuration is disabled. Alert when a failover has occurred on the Cisco PIX, ASA, FWSM. 16 HIPAA: Cisco PIX, ASA, FWSM Restarted Alert when a Cisco PIX, ASA or FWSM has been restarted. 17 HIPAA: Cisco PIX, ASA, FWSM Routing Failure Alert when routing failure occurred in the Cisco PIX, ASA, or FWSM devices. 18 HIPAA: Cisco PIX, ASA, FWSM Policy Changed Alert when a Cisco PIX, ASA or FWSM firewall has been modified. 19 HIPAA: Cisco Switch Policy Changed Alert when Cisco router or switch configuration has been modified. 20 HIPAA: DB2 Database Configuration Change Alert when a configuration is changed on a DB2 database. 21 HIPAA: DB2 Database User Added or Dropped Alert when a user is added or dropped from a DB2 database. 22 HIPAA: DNS Server Shutdown Alert on DNS Server Shutdown. 23 HIPAA: DNS Server Started Alert on DNS Server Started. 24 HIPAA: Escalated Privileges Alert when a user or program has escalated the privileges. 25 HIPAA: F5 BIG-IP TMOS Risky Traffic F5 BIG-IP TMOS traffic considered risky. 26 HIPAA: Firewall Traffic Considered Risky Alert on non HTTP, SSL, or SSH traffic passing through the firewall. 27 HIPAA: Group Members Added Alert when new members are added to user groups. 28 HIPAA: Group Members Deleted Alert when members are removed from user groups. 29 HIPAA: Groups Created Alert when new user groups are created. 30 HIPAA: Groups Deleted Alert when a user group is deleted. 31 HIPAA: Groups Modified Alert when a user group has been modified. 32 HIPAA: Guardium SQL Guard Config Changes Alert when a configuration is changed on Guardium SQL Database. 33 HIPAA: Guardium SQL Guard Data Access Alert when a select statement is made on Guardium SQL Database. 20 HIPAA Compliance Suite Quick Start Guide

21 for HIPAA : LogLogic Alerts for HIPAA # LogLogic Alert 34 HIPAA: Guardium SQL Guard Logins Alert when a user logs into the Guardium SQL Database. 35 HIPAA: IBM AIX Password Changed Alert when an account password is changed on IBM AIX servers. 36 HIPAA: i5/os Network Profile Changes Alerts when any changes are made to an i5/os network profile. 37 HIPAA: i5/os Permission or Policy Change Alerts when policies or permissions are changed on the i5/os. 38 HIPAA: i5/os Server or Service Status Change Alerts when the i5/os is restarted or a service stops or starts. 39 HIPAA: i5/os Software Updates Alert when events related to the i5/os software updates. 40 HIPAA: i5/os User Profile Changes Alerts when a user profile is changed on the i5/os. 41 HIPAA: Juniper Firewall HA State Change Alert when Juniper Firewall has changed its failover state. 42 HIPAA: Juniper Firewall Peer Missing Alert when a Juniper Firewall HA peer is missing. 43 HIPAA: Juniper Firewall Policy Changes Alert when Juniper Firewall configuration is changed. 44 HIPAA: Juniper Firewall Policy Out of Sync Alert when the Juniper Firewall's policy is out of sync. 45 HIPAA: Juniper Firewall System Reset Alert when the Juniper Firewall has been reset to system default. 46 HIPAA: Juniper VPN Policy Change Alert when Juniper VPN configuration is changed. 47 HIPAA: Logins Failed Alert when login failures are over the defined threshold. 48 HIPAA: Logins Succeeded Alert when successful logins are over the defined threshold. 49 HIPAA: LogLogic Disk Full Alert when the LogLogic Appliance's disk is near full. 50 HIPAA: LogLogic DSM Configuration Changes Alert when a configuration is changed on LogLogic DSM database. 51 HIPAA: LogLogic DSM Data Access Alert when a select statement is made on LogLogic DSM database. 52 HIPAA: LogLogic DSM Logins Alert when a user logs into the LogLogic DSM database. 53 HIPAA: LogLogic HA State Changed Alert when the LogLogic's HA setup has failed over. 54 HIPAA: LogLogic Message Routing Errors Alert when problems are detected during message forwarding. 55 HIPAA: LogLogic File Retrieval Errors Alert when problems are detected during log file retrieval. 56 HIPAA: Microsoft Operations Manager - Alert when user or group permissions have been changed. Permissions Changed 57 HIPAA: Microsoft Operations Manager - Alert when users have changed their passwords. Windows Passwords Changed 58 HIPAA: Microsoft Operations Manager - Alert when Windows policies changed. Windows Policies Changed 59 HIPAA: Microsoft Sharepoint Content Deleted Alerts on Microsoft Sharepoint content deleted events. 60 HIPAA: Microsoft Sharepoint Content Updated Alerts on Microsoft Sharepoint content updated events. 61 HIPAA: Microsoft Sharepoint Permission Changed Alerts on Microsoft Sharepoint permission changed events. 62 HIPAA: Microsoft Sharepoint Policies Added, Removed, Modified Alerts on Microsoft Sharepoint policy additions, deleteions, and modifications. 63 HIPAA: NetApp Filer Audit Policies Changed Alert when NetApp Filer Audit policies changed. 64 HIPAA: NetApp Authentication Failure Alerts when NetApp authentication failure events occur. 65 HIPAA: NetApp Filer Disk Failure Alert when disks are failing on the NetApp Filer device. 66 HIPAA: NetApp Filer Disk Missing Alert when a disk is missing on the NetApp Filer device. 67 HIPAA: NetApp Filer Disk Scrub Suspended Alert when the disk scrubbing process has been suspended. 68 HIPAA: NetApp Filer File System Full Alert when the file system is full on the NetApp Filer device. 69 HIPAA: NetApp Filer NIS Group Update Alert when the NIS group has been updated on the Filer device. 70 HIPAA: NetApp Filer Disk Inserted Alert when a disk is inserted into the NetApp Filer. 71 HIPAA: NetApp Filer Disk Pulled Alert when a RAID disk has been pulled from the Filer device. HIPAA Compliance Suite Quick Start Guide 21