Previous Topic: Agentless Log CollectionNext Topic: Policy Violation Alerts


Compliance Reports

All predefined reports are associated with one or more report tags. Use report tags to identify reports that can help you assess compliance with specific standards.

Out-of-the-box PCI Reports

Problem:

Suppose you need to demonstrate PCI compliance, but do not know what reports are required or how to produce them.

Solution:

After you have configured CA User Activity Reporting Module to collect logs, run the out-of-box PCI reports and review them with the auditor. The PCI reports quickly satisfy the auditor that your site demonstrates compliance with key PCI controls.

Procedures

More Information

Example: Run PCI Reports

 

Compliance Reporting

Out-of-the-box SOX Reports

Problem:

Suppose you need to demonstrate SOX compliance, but do not know what reports are required or how to produce them.

Solution:

After you have configured CA User Activity Reporting Module to collect logs, run the out-of-box SOX reports and review them with the auditor. The SOX reports quickly satisfy the auditor that your site demonstrates compliance with key SOX controls.

Procedures

More Information

Using Tags

View a Report

Scheduling a Report

Compliance Reporting

Example: Create a Report from Existing Queries

Business-Relevant Grouping with UI-Defined Method

Problem:

The analyst collects logs from dozens of servers, but only fifteen are considered in-scope for PCI compliance. The auditor does not want the reports skewed with data from out-of-scope servers.

Solution:

The analyst configures a user-defined (keyed value) list that contains the host names for the fifteen in-scope servers and then configures the PCI reports to populate data from only the servers on that list.

Procedures

More Information

Preparing to Use Reports With Keyed Lists

Update a Keyed List Manually

Customize Keyed Values for Administrators

View a Report Using a Keyed List

Business-Relevant Grouping with Imported List Method

Problem:

The analyst collects logs from dozens of servers, but only fifteen are considered in-scope for PCI compliance. The analyst maintains the in-scope server list in a flat file (carriage-return delimited format). The auditor does not want the reports skewed with data from out-of-scope servers.

Solution:

The analyst imports the user-defined (keyed) list values that contain the host names for the fifteen in-scope servers and then configures the PCI reports to populate data from only the servers on that list.

Procedures

More Information

Update a Keyed List with Export/Import

Example: Update a Keyed List with a CSV File

 

Create Keyed Values for Critical_Assets

Example: Create an Alert for Business Critical Sources

Business-Relevant Grouping with IT PAM Dynamic Keyed List Method

Problem:

An asset database table with important attributes about every asset already exists in the Microsoft SQL Server. It contains hostname, business unit, physical location, system owner, and criticality. The analyst needs to produce weekly reports of privileged user activities on critical systems in each data center.

Solution:

The administrator configures an IT PAM process called Get Critical Asset Values to read the asset table and create a list of assets marked critical. Each week, the administrator, updates the Critical_Assets key values with the dynamic values process, Get Critical Asset Values. The administrator identifies a predefined query that is close to what is needed. It is called (>5) Logins by Admin Accounts on Critical Systems during Night for Last 1 Day. This query's query filter uses keyed lists for Critical_Assets and Administrators. This query's Date Range Selection for Result Conditions is 'now' and 'now', '-1 days'. The administrator copies this query and modifies the resulting user-defined query as follows: (1) changes to query's Date Range Selection to 'now' and '-1 week' and (2) modifies the advanced filter to use the keyed lists for Critical_Assets and Privileged_Group. Then, the administrator schedules a non-federated report on the reporting server in each data center. These weekly reports are scheduled to run several hours after the administrator imports the dynamic values list for Critical_Assets.

Procedures

More Information

Update Keyed List with a Dynamic Values Process

Edit a Query

Example: Create a Report from Existing Queries

How to Schedule a Report Job

Enabling Dynamic Values Import

Create a CA IT PAM Process to Generate a Values List

Configure CA IT PAM Integration for Dynamic Values

Connection to External User Store

Problem:

User identities already exist in the organization’s corporate directory. Defining the users again in CA User Activity Reporting Module is redundant and introduces the possibility of error.

Solution:

The analyst configures CA User Activity Reporting Module to connect to the corporate Active Directory for user authentication. Auditors can access CA User Activity Reporting Module with their domain credentials.

Procedures

More Information

How to Manage Referenced User Accounts

Configuring the User Store

Role-based Access to Reports

Problem:

Event logs contain sensitive information that requires role-based access controls. Defining individual users and rights can be complex and can lead to unintended authorization.

Solution:

An Administrator creates a PCI Auditors group and assigns this custom application group (role) to individuals who audit PCI controls. This allows PCI auditors to access only previously-generated PCI reports.

Procedures

More Information

Create an Access Filter

For a walk through of a scenario to restrict access to PCI Reports for members of a custom PCI-Analyst role, see Restricting Access for a Role: PCI-Analyst Scenario

For a walk through of a scenario to restrict access to reports from one region's Windows Domain Controllers for the individual acting as the Windows administrator, see Restricting Data Access for a User: Win-Admin Scenario

For the process of creating custom roles and related access policies, see Configuring Custom User Roles and Access Policies