|
|
|
All predefined reports are associated with one or more report tags. Use report tags to identify reports that can help you assess compliance with specific standards.
Out-of-the-box PCI Reports
Suppose you need to demonstrate PCI compliance, but do not know what reports are required or how to produce them.
After you have configured CA Enterprise Log Manager to collect logs, run the out-of-box PCI reports and review them with the auditor. The PCI reports quickly satisfy the auditor that your site demonstrates compliance with key PCI controls.
|
Procedures |
More Information |
|---|---|
|
|
Out-of-the-box SOX Reports
Suppose you need to demonstrate SOX compliance, but do not know what reports are required or how to produce them.
After you have configured CA Enterprise Log Manager to collect logs, run the out-of-box SOX reports and review them with the auditor. The SOX reports quickly satisfy the auditor that your site demonstrates compliance with key SOX controls.
|
Procedures |
More Information |
|---|---|
Business-Relevant Grouping with UI-Defined Method
The analyst collects logs from dozens of servers, but only fifteen are considered in-scope for PCI compliance. The auditor does not want the reports skewed with data from out-of-scope servers.
The analyst configures a user-defined (keyed value) list that contains the host names for the fifteen in-scope servers and then configures the PCI reports to populate data from only the servers on that list.
|
Procedures |
More Information |
|---|---|
|
Preparing to Use Reports With Keyed Lists |
Business-Relevant Grouping with Imported List Method
The analyst collects logs from dozens of servers, but only fifteen are considered in-scope for PCI compliance. The analyst maintains the in-scope server list in a flat file (carriage-return delimited format). The auditor does not want the reports skewed with data from out-of-scope servers.
The analyst imports the user-defined (keyed) list values that contain the host names for the fifteen in-scope servers and then configures the PCI reports to populate data from only the servers on that list.
|
Procedures |
More Information |
|---|---|
|
Update a Keyed List with Export/Import Example: Update a Keyed List with a CSV File
|
Business-Relevant Grouping with IT PAM Dynamic Keyed List Method
An asset database table with important attributes about every asset already exists in the Microsoft SQL Server. It contains hostname, business unit, physical location, system owner, and criticality. The analyst needs to produce weekly reports of privileged user activities on critical systems in each data center.
The administrator configures an IT PAM process called Get Critical Asset Values to read the asset table and create a list of assets marked critical. Each week, the administrator, updates the Critical_Assets key values with the dynamic values process, Get Critical Asset Values. The administrator identifies a predefined query that is close to what is needed. It is called (>5) Logins by Admin Accounts on Critical Systems during Night for Last 1 Day. This query's query filter uses keyed lists for Critical_Assets and Administrators. This query's Date Range Selection for Result Conditions is 'now' and 'now', '-1 days'. The administrator copies this query and modifies the resulting user-defined query as follows: (1) changes to query's Date Range Selection to 'now' and '-1 week' and (2) modifies the advanced filter to use the keyed lists for Critical_Assets and Privileged_Group. Then, the administrator schedules a non-federated report on the reporting server in each data center. These weekly reports are scheduled to run several hours after the administrator imports the dynamic values list for Critical_Assets.
|
Procedures |
More Information |
|---|---|
|
Update Keyed List with a Dynamic Values Process |
Enabling Dynamic Values Import Create a CA IT PAM Process to Generate a Values List |
Connection to External User Store
User identities already exist in the organization's corporate directory. Defining the users again in CA Enterprise Log Manager is redundant and introduces the possibility of error.
The analyst configures CA Enterprise Log Manager to connect to the corporate Active Directory for user authentication. Auditors can access CA Enterprise Log Manager with their domain credentials.
|
Procedures |
More Information |
|---|---|
Role-based Access to Reports
Event logs contain sensitive information that requires role-based access controls. Defining individual users and rights can be complex and can lead to unintended authorization.
An Administrator creates a PCI Auditors group and assigns this custom application group (role) to individuals who audit PCI controls. This allows PCI auditors to access only previously-generated PCI reports.
|
Procedures |
More Information |
|
|---|---|---|
|
For a walk through of a scenario to restrict access to PCI Reports for members of a custom PCI-Analyst role, see Restricting Access for a Role: PCI-Analyst Scenario |
For a walk through of a scenario to restrict access to reports from one region's Windows Domain Controllers for the individual acting as the Windows administrator, see Restricting Data Access for a User: Win-Admin Scenario For the process of creating custom roles and related access policies, see Configuring Custom User Roles and Access Policies |
|
|
|
||
|
|
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |