GPG13 alerts and corresponding controls
The following section lists the GPG13 alerts and the corresponding controls.
| Serial number | Alert Name | Compliance Mapping |
|---|---|---|
| 1 | GPG13: Accounts Created | PMC3, PMC4, PMC5, PMC6 |
| 2 | GPG13: Accounts Deleted | PMC3, PMC4, PMC5, PMC6 |
| 3 | GPG13: Accounts Enabled | PMC3, PMC4, PMC5, PMC6 |
| 4 | GPG13: Accounts Locked | PMC3, PMC4, PMC5, PMC6 |
| 5 | GPG13: Accounts Modified | PMC3, PMC4, PMC5, PMC6 |
| 6 | GPG13: Active Directory Changes | PMC4 |
| 7 | GPG13: Active Directory Changes | PMC4 |
| 8 | GPG13: Allowed Connections | PMC2, PMC3, PMC5 |
| 9 | GPG13: Anomalous IDS Alerts | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 10 | GPG13: Check Point Policy Changed | PMC3, PMC4, PMC5, PMC6 |
| 11 | GPG13: Cisco ISE, ACS Configuration Changed | PMC4, PMC5, PMC7 |
| 12 | GPG13: Cisco ISE, ACS Passwords Changed | PMC4, PMC5, PMC8 |
| 13 | GPG13: Cisco PIX, ASA, FWSM Commands Executed | PMC4, PMC5, PMC9 |
| 14 | GPG13: Cisco PIX, ASA, FWSM Failover Disabled | PMC4, PMC5, PMC10 |
| 15 | GPG13: Cisco PIX, ASA, FWSM Failover Errors | PMC3, PMC4, PMC5, PMC6 |
| 16 | GPG13: Cisco PIX, ASA, FWSM Failover Performed | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 17 | GPG13: Cisco PIX, ASA, FWSM Logon Failure | PMC5, PMC6, PMC7 |
| 18 | GPG13: Cisco PIX, ASA, FWSM Logon Success | PMC5, PMC6, PMC8 |
| 19 | GPG13: Cisco PIX, ASA, FWSM Policy Changed | PMC3, PMC4, PMC5, PMC6 |
| 20 | GPG13: System Restarted | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 21 | GPG13: Cisco PIX, ASA, FWSM Routing Failure | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 22 | GPG13: Cisco Switch Device Reload | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 23 | GPG13: Cisco Switch Device Restart | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 24 | GPG13: Cisco Switch HA Failure (ver) | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 25 | GPG13: Cisco Switch Interface Change | PMC4, PMC5, PMC7 |
| 26 | GPG13: Cisco Switch Policy Changed | PMC3, PMC4, PMC5, PMC6 |
| 27 | GPG13: DB2 Database Backup Failed | PMC4, PMC7, PMC8 |
| 28 | GPG13: DB2 Database Configuration Change | PMC4, PMC5, PMC7 |
| 29 | GPG13: DB2 Database Restore Failed | PMC4, PMC5, PMC7, PMC8 |
| 30 | GPG13: DB2 Database Started or Stopped | PMC4, PMC5, PMC7 |
| 31 | GPG13: Escalated Privileges | PMC4, PMC7 |
| 32 | GPG13: Excessive IDS Attack | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 33 | GPG13: Group Members Added | PMC3, PMC4, PMC5, PMC6 |
| 34 | GPG13: Group Members Deleted | PMC3, PMC4, PMC5, PMC6 |
| 35 | GPG13: Groups Created | PMC3, PMC4, PMC5, PMC6 |
| 36 | GPG13: Groups Deleted | PMC3, PMC4, PMC5, PMC6 |
| 37 | GPG13: Groups Modified | PMC3, PMC4, PMC5, PMC6 |
| 38 | GPG13: Guardium SQL Guard Config Changes | PMC4, PMC5, PMC7 |
| 39 | GPG13: Guardium SQL Guard Data Access | PMC4, PMC5, PMC7 |
| 40 | GPG13: Guardium SQL Guard Logins | PMC5, PMC7 |
| 41 | GPG13: Guardium SQL Guard Startup or Shutdown | PMC5, PMC7, PMC9 |
| 42 | GPG13: HP NonStop Audit Configuration Changed | PMC4, PMC5, PMC7 |
| 43 | GPG13: HP NonStop Audit Permission Changed | PMC4, PMC5, PMC7 |
| 44 | GPG13: i5/OS Network Profile Changes | PMC3, PMC4, PMC5, PMC6 |
| 45 | GPG13: i5/OS Permission or Policy Change | PMC3, PMC4, PMC5, PMC6 |
| 46 | GPG13: i5/OS Server or Service Status Change | PMC4, PMC5 |
| 47 | GPG13: i5/OS User Profile Changes | PMC5, PMC7, PMC8 |
| 48 | GPG13: IBM AIX Password Changed | PMC5, PMC7 |
| 49 | GPG13: Juniper Firewall HA State Change | PMC3, PMC5, PMC6 |
| 50 | GPG13: Juniper Firewall Logon Failure | PMC3, PMC6 |
| 51 | GPG13: Juniper Firewall Logon Success | PMC3, PMC6 |
| 52 | GPG13: Juniper Firewall Policy Changes | PMC3, PMC4, PMC5, PMC6 |
| 53 | GPG13: Juniper Firewall System Reset | PMC3, PMC4, PMC5, PMC6, PMC9 |
| 54 | GPG13: Juniper VPN Policy Change | PMC3, PMC4, PMC5, PMC6 |
| 55 | GPG13: Logins Failed | PMC3, PMC4, PMC5, PMC6 |
| 56 | GPG13: Logins Succeeded | PMC2, PMC3, PMC7 |
| 57 | GPG13: LogLogic Disk Full | PMC10 |
| 58 | GPG13: LogLogic DSM Configuration Changes | PMC4, PMC5, PMC10 |
| 59 | GPG13: LogLogic DSM Data Access | PMC5, PMC10 |
| 60 | GPG13: LogLogic DSM Logins | PMC5 |
| 61 | GPG13: LogLogic DSM Startup or Shutdown | PMC5 |
| 62 | GPG13: LogLogic File Retrieval Errors | PMC4, PMC5, PMC10 |
| 63 | GPG13: LogLogic Management Center Backed Up or Restored | PMC4, PMC5 |
| 64 | GPG13: LogLogic Message Routing Errors | PMC4, PMC5, PMC10 |
| 65 | GPG13: LogLogic Universal Collector Configuration Changed | PMC4, PMC5, PMC10 |
| 66 | GPG13: Microsoft Operations Manager - Permissions Changed | PMC5, PMC7 |
| 67 | GPG13: Microsoft Operations Manager - Windows Passwords Changed | PMC5, PMC7 |
| 68 | GPG13: Microsoft Operations Manager - Windows Policies Changed | PMC5, PMC7 |
| 69 | GPG13: Microsoft Sharepoint Permission Changed | PMC4, PMC5, PMC7 |
| 70 | GPG13: Microsoft Sharepoint Policies Added, Removed, Modified | PMC4, PMC5, PMC7 |
| 71 | GPG13: Microsoft SQL Server Backup Failed | PMC4, PMC7, PMC8 |
| 72 | GPG13: Microsoft SQL Server Restore Failed | PMC4, PMC5, PMC7, PMC8 |
| 73 | GPG13: Microsoft SQL Server Shutdown | PMC5, PMC7 |
| 74 | GPG13: NetApp Authentication Failure | PMC5 |
| 75 | GPG13: NetApp Filer Audit Policies Changed | PMC4, PMC5 |
| 76 | GPG13: NetApp Filer File System Full | PMC5 |
| 77 | GPG13: NetApp Filer NIS Group Update | PMC5 |
| 78 | GPG13: NetApp Filer Snapshot Error | PMC4, PMC5, PMC8 |
| 79 | GPG13: Oracle Database Configuration Change | PMC4, PMC5, PMC7 |
| 80 | GPG13: Oracle Database Data Access | PMC5, PMC7 |
| 81 | GPG13: Oracle Database Permissions Changed | PMC5, PMC7 |
| 82 | GPG13: Oracle Database Shutdown | PMC5, PMC7, PMC9 |
| 83 | GPG13: Oracle Database User Added or Deleted | PMC5, PMC7 |
| 84 | GPG13: Pulse Connect Secure Policy Change | PMC3, PMC4, PMC5, PMC6 |
| 85 | GPG13: RACF Files Accessed | PMC4, PMC5 |
| 86 | GPG13: RACF Passwords Changed | PMC5 |
| 87 | GPG13: RACF Permissions Changed | PMC5 |
| 88 | GPG13: RACF Process Started | PMC5 |
| 89 | GPG13: Sidewinder Configuration Changed | PMC2, PMC3, PMC4, PMC5, PMC6 |
| 90 | GPG13: Sybase ASE Database Backed Up or Restored | PMC4, PMC5, PMC7, PMC8 |
| 91 | GPG13: Sybase ASE Database Config Changes | PMC4, PMC5, PMC7 |
| 92 | GPG13: Sybase ASE Database Data Access | PMC5, PMC7 |
| 93 | GPG13: Sybase ASE Database Started | PMC5, PMC7 |
| 94 | GPG13: Sybase ASE Database Stopped | PMC5, PMC7 |
| 95 | GPG13: Symantec Endpoint Protection Configuration Changed | PMC3, PMC4, PMC5, PMC6 |
| 96 | GPG13: Symantec Endpoint Protection Policy Add, Delete, Modify | PMC3, PMC5, PMC6 |
| 97 | GPG13: TIBCO ActiveMatrix Administrator Permission Changed | PMC4, PMC7 |
| 98 | GPG13: vCenter Data Move | PMC7 |
| 99 | GPG13: vCenter Datastore Event | PMC7, PMC8 |
| 100 | GPG13: vCenter Delete Virtual Machine | PMC7 |
| 101 | GPG13: vCenter Firewall Policy Change | PMC3, PMC4 |
| 102 | GPG13: vCenter Orchestrator Datastore Events | PMC7, PMC8 |
| 103 | GPG13: vCenter Orchestrator Delete Virtual Machine | PMC7 |
| 104 | GPG13: vCenter Orchestrator Login Failed | PMC7 |
| 105 | GPG13: vCenter Orchestrator Virtual Machine Shutdown | PMC7 |
| 106 | GPG13: vCenter Permission Change | PMC7 |
| 107 | GPG13: vCenter Restart ESX Services | PMC4, PMC9 |
| 108 | GPG13: vCenter Shutdown or Restart ESX | PMC4, PMC9 |
| 109 | GPG13: vCenter User Login Failed | PMC7 |
| 110 | GPG13: vCenter User Login Successful | PMC7 |
| 111 | GPG13: vCenter Virtual Machine Shutdown | PMC7 |
| 112 | GPG13: vCenter Virtual Machine Started | PMC7 |
| 113 | GPG13: vCloud Director Login Failed | PMC7 |
| 114 | GPG13: vCloud Director Login Success | PMC7 |
| 115 | GPG13: vCloud Organization Modified | PMC7 |
| 116 | GPG13: vCloud User Created | PMC7 |
| 117 | GPG13: vCloud User, Group, or Role Modified | PMC7 |
| 118 | GPG13: vCloud vApp Created, Deleted, or Modified | PMC7 |
| 119 | GPG13: vCloud vDC Created, Modified, or Deleted | PMC7 |
| 120 | GPG13: vShield Edge Configuration Change | PMC3, PMC4, PMC5, PMC6 |
| 121 | GPG13: Windows Audit Log Cleared | PMC7 |
| 122 | GPG13: Windows Files Accessed | PMC7 |
| 123 | GPG13: Windows Passwords Changed | PMC5, PMC7 |
| 124 | GPG13: Windows Permissions Changed | PMC5, PMC7 |
| 125 | GPG13: Windows Policies Changed | PMC3, PMC4, PMC5, PMC6 |
| 126 | GPG13: Windows Programs Accessed | PMC4, PMC7 |
| 127 | GPG13: System Restarted | PMC4, PMC9 |
Copyright © Cloud Software Group, Inc. All rights reserved.