Event Log Management with Netwrix Auditor

Generic events consolidation, archiving, real-time alerting and reporting

Compliance Audits

Reports for Compliance Audits: SOX, GLBA, PCI, HIPAA

Netwrix Event Log Manager includes predefined out of the box reports for compliance audits, covering all major regulations:



SOX Audit Reports
All Events by User Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
All Security Events by User Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Audit Log Cleared Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Audit Policy Changes Comply with internal controls - Section 302(a)(5) - by tracking the event logs for any changes in the security audit policy.
Computer Account Changes Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Failed Logon Attempts Sections 302(a)(4)(C) and 302(a)(4)(D) require user accesses to the system to be recorded and monitored for possible abuse.
Group Management Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Group Membership Management Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Remote Desktop Sessions Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
Successful User Logons Sections 302(a)(4)(C) and 302(a)(4)(D) require user accesses to the system to be recorded and monitored for possible abuse.
System Time Changes Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
User Account Management Section 302(a)(6) requires tracking of significant changes in internal controls or in other factors that could significantly affect internal controls.
User Logoffs Sections 302(a)(4)(C) and 302(a)(4)(D) require user accesses to the system to be recorded and monitored for possible abuse.
HIPAA Audit Reports
All Events by User Section 164.308(a)(1)(ii)(D) requires implementation of procedures to regularly review records of information system activity, such as audit logs.
All Security Events by User Section 164.308(a)(6)(ii) requires to identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.
Audit Log Cleared Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Audit Policy Changes Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Computer Account Changes Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Failed Logon Attempts All unsuccessful login attempts.
Group Management Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Group Membership Management Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Remote Desktop Sessions Required by 164.308(a)(1)(ii)(D) - Information system activity review.
Successful User Logons Log-in Monitoring: Procedures for monitoring log-in attempts and reporting discrepancies (164.308(a)(5)(ii)(C).
System Time Changes Required by 164.308(a)(1)(ii)(D) - Information system activity review.
User Account Management Required by 164.308(a)(1)(ii)(D) - Information system activity review.
User Logoffs Complements user logons report to analyze user activities.
GLBA Audit Reports
Audit Log Cleared GLBA regulations require access control and security monitoring.
Failed Logon Attempts Complements the user logon report.
Successful User Logons GLBA compliance requirements explicitly state the need to monitor user access to systems.
User Logoffs Complements user logons report to analyze user activities.
PCI DSS Audit Reports
All Events by User Section 10.2 of PCI DSS requires implementation of automated audit trails to reconstruct the required events.
Audit Log Cleared Section 10.5 of PCI DSS requires secure audit trails so they cannot be altered.
Audit Policy Changes Required for PCI-DSS 10.2.3 - Access to all audit trails, lets organizations to comply with internal controls by tracking the event logs for any changes in the security audit policy.
Failed Logon Attempts Required for PCI DSS 10.2.4 (Implement automated audit trails to reconstruct the required events).
Successful User Logons Required for PCI DSS 10.2.1 (Implement automated audit trails to reconstruct the required events).
User Logoffs Complements the user logon report.

Customers can also create their own custom reports or tailor existing predefined reports to their needs. Reports can be scheduled to run periodically, automatically e-mailed, and exported in several formats, such as PDF and XLS.

Note that event log management products alone, such as Netwrix Event Log Manager and similar products by other vendors, never provide complete compliance coverage, disregarding what vendors are saying. Netwrix provides integrated Compliance Solutions that include Event Log Manager and other proven products integrated together to provide much broader coverage.