GPG13 alerts and corresponding controls
The following section lists the GPG13 alerts and the corresponding controls.
Serial number | Alert Name | Compliance Mapping |
---|---|---|
1 | GPG13: Accounts Created | PMC3, PMC4, PMC5, PMC6 |
2 | GPG13: Accounts Deleted | PMC3, PMC4, PMC5, PMC6 |
3 | GPG13: Accounts Enabled | PMC3, PMC4, PMC5, PMC6 |
4 | GPG13: Accounts Locked | PMC3, PMC4, PMC5, PMC6 |
5 | GPG13: Accounts Modified | PMC3, PMC4, PMC5, PMC6 |
6 | GPG13: Active Directory Changes | PMC4 |
7 | GPG13: Active Directory Changes | PMC4 |
8 | GPG13: Allowed Connections | PMC2, PMC3, PMC5 |
9 | GPG13: Anomalous IDS Alerts | PMC3, PMC4, PMC5, PMC6, PMC9 |
10 | GPG13: Check Point Policy Changed | PMC3, PMC4, PMC5, PMC6 |
11 | GPG13: Cisco ISE, ACS Configuration Changed | PMC4, PMC5, PMC7 |
12 | GPG13: Cisco ISE, ACS Passwords Changed | PMC4, PMC5, PMC8 |
13 | GPG13: Cisco PIX, ASA, FWSM Commands Executed | PMC4, PMC5, PMC9 |
14 | GPG13: Cisco PIX, ASA, FWSM Failover Disabled | PMC4, PMC5, PMC10 |
15 | GPG13: Cisco PIX, ASA, FWSM Failover Errors | PMC3, PMC4, PMC5, PMC6 |
16 | GPG13: Cisco PIX, ASA, FWSM Failover Performed | PMC3, PMC4, PMC5, PMC6, PMC9 |
17 | GPG13: Cisco PIX, ASA, FWSM Logon Failure | PMC5, PMC6, PMC7 |
18 | GPG13: Cisco PIX, ASA, FWSM Logon Success | PMC5, PMC6, PMC8 |
19 | GPG13: Cisco PIX, ASA, FWSM Policy Changed | PMC3, PMC4, PMC5, PMC6 |
20 | GPG13: System Restarted | PMC3, PMC4, PMC5, PMC6, PMC9 |
21 | GPG13: Cisco PIX, ASA, FWSM Routing Failure | PMC3, PMC4, PMC5, PMC6, PMC9 |
22 | GPG13: Cisco Switch Device Reload | PMC3, PMC4, PMC5, PMC6, PMC9 |
23 | GPG13: Cisco Switch Device Restart | PMC3, PMC4, PMC5, PMC6, PMC9 |
24 | GPG13: Cisco Switch HA Failure (ver) | PMC3, PMC4, PMC5, PMC6, PMC9 |
25 | GPG13: Cisco Switch Interface Change | PMC4, PMC5, PMC7 |
26 | GPG13: Cisco Switch Policy Changed | PMC3, PMC4, PMC5, PMC6 |
27 | GPG13: DB2 Database Backup Failed | PMC4, PMC7, PMC8 |
28 | GPG13: DB2 Database Configuration Change | PMC4, PMC5, PMC7 |
29 | GPG13: DB2 Database Restore Failed | PMC4, PMC5, PMC7, PMC8 |
30 | GPG13: DB2 Database Started or Stopped | PMC4, PMC5, PMC7 |
31 | GPG13: Escalated Privileges | PMC4, PMC7 |
32 | GPG13: Excessive IDS Attack | PMC3, PMC4, PMC5, PMC6, PMC9 |
33 | GPG13: Group Members Added | PMC3, PMC4, PMC5, PMC6 |
34 | GPG13: Group Members Deleted | PMC3, PMC4, PMC5, PMC6 |
35 | GPG13: Groups Created | PMC3, PMC4, PMC5, PMC6 |
36 | GPG13: Groups Deleted | PMC3, PMC4, PMC5, PMC6 |
37 | GPG13: Groups Modified | PMC3, PMC4, PMC5, PMC6 |
38 | GPG13: Guardium SQL Guard Config Changes | PMC4, PMC5, PMC7 |
39 | GPG13: Guardium SQL Guard Data Access | PMC4, PMC5, PMC7 |
40 | GPG13: Guardium SQL Guard Logins | PMC5, PMC7 |
41 | GPG13: Guardium SQL Guard Startup or Shutdown | PMC5, PMC7, PMC9 |
42 | GPG13: HP NonStop Audit Configuration Changed | PMC4, PMC5, PMC7 |
43 | GPG13: HP NonStop Audit Permission Changed | PMC4, PMC5, PMC7 |
44 | GPG13: i5/OS Network Profile Changes | PMC3, PMC4, PMC5, PMC6 |
45 | GPG13: i5/OS Permission or Policy Change | PMC3, PMC4, PMC5, PMC6 |
46 | GPG13: i5/OS Server or Service Status Change | PMC4, PMC5 |
47 | GPG13: i5/OS User Profile Changes | PMC5, PMC7, PMC8 |
48 | GPG13: IBM AIX Password Changed | PMC5, PMC7 |
49 | GPG13: Juniper Firewall HA State Change | PMC3, PMC5, PMC6 |
50 | GPG13: Juniper Firewall Logon Failure | PMC3, PMC6 |
51 | GPG13: Juniper Firewall Logon Success | PMC3, PMC6 |
52 | GPG13: Juniper Firewall Policy Changes | PMC3, PMC4, PMC5, PMC6 |
53 | GPG13: Juniper Firewall System Reset | PMC3, PMC4, PMC5, PMC6, PMC9 |
54 | GPG13: Juniper VPN Policy Change | PMC3, PMC4, PMC5, PMC6 |
55 | GPG13: Logins Failed | PMC3, PMC4, PMC5, PMC6 |
56 | GPG13: Logins Succeeded | PMC2, PMC3, PMC7 |
57 | GPG13: LogLogic Disk Full | PMC10 |
58 | GPG13: LogLogic DSM Configuration Changes | PMC4, PMC5, PMC10 |
59 | GPG13: LogLogic DSM Data Access | PMC5, PMC10 |
60 | GPG13: LogLogic DSM Logins | PMC5 |
61 | GPG13: LogLogic DSM Startup or Shutdown | PMC5 |
62 | GPG13: LogLogic File Retrieval Errors | PMC4, PMC5, PMC10 |
63 | GPG13: LogLogic Management Center Backed Up or Restored | PMC4, PMC5 |
64 | GPG13: LogLogic Message Routing Errors | PMC4, PMC5, PMC10 |
65 | GPG13: LogLogic Universal Collector Configuration Changed | PMC4, PMC5, PMC10 |
66 | GPG13: Microsoft Operations Manager - Permissions Changed | PMC5, PMC7 |
67 | GPG13: Microsoft Operations Manager - Windows Passwords Changed | PMC5, PMC7 |
68 | GPG13: Microsoft Operations Manager - Windows Policies Changed | PMC5, PMC7 |
69 | GPG13: Microsoft Sharepoint Permission Changed | PMC4, PMC5, PMC7 |
70 | GPG13: Microsoft Sharepoint Policies Added, Removed, Modified | PMC4, PMC5, PMC7 |
71 | GPG13: Microsoft SQL Server Backup Failed | PMC4, PMC7, PMC8 |
72 | GPG13: Microsoft SQL Server Restore Failed | PMC4, PMC5, PMC7, PMC8 |
73 | GPG13: Microsoft SQL Server Shutdown | PMC5, PMC7 |
74 | GPG13: NetApp Authentication Failure | PMC5 |
75 | GPG13: NetApp Filer Audit Policies Changed | PMC4, PMC5 |
76 | GPG13: NetApp Filer File System Full | PMC5 |
77 | GPG13: NetApp Filer NIS Group Update | PMC5 |
78 | GPG13: NetApp Filer Snapshot Error | PMC4, PMC5, PMC8 |
79 | GPG13: Oracle Database Configuration Change | PMC4, PMC5, PMC7 |
80 | GPG13: Oracle Database Data Access | PMC5, PMC7 |
81 | GPG13: Oracle Database Permissions Changed | PMC5, PMC7 |
82 | GPG13: Oracle Database Shutdown | PMC5, PMC7, PMC9 |
83 | GPG13: Oracle Database User Added or Deleted | PMC5, PMC7 |
84 | GPG13: Pulse Connect Secure Policy Change | PMC3, PMC4, PMC5, PMC6 |
85 | GPG13: RACF Files Accessed | PMC4, PMC5 |
86 | GPG13: RACF Passwords Changed | PMC5 |
87 | GPG13: RACF Permissions Changed | PMC5 |
88 | GPG13: RACF Process Started | PMC5 |
89 | GPG13: Sidewinder Configuration Changed | PMC2, PMC3, PMC4, PMC5, PMC6 |
90 | GPG13: Sybase ASE Database Backed Up or Restored | PMC4, PMC5, PMC7, PMC8 |
91 | GPG13: Sybase ASE Database Config Changes | PMC4, PMC5, PMC7 |
92 | GPG13: Sybase ASE Database Data Access | PMC5, PMC7 |
93 | GPG13: Sybase ASE Database Started | PMC5, PMC7 |
94 | GPG13: Sybase ASE Database Stopped | PMC5, PMC7 |
95 | GPG13: Symantec Endpoint Protection Configuration Changed | PMC3, PMC4, PMC5, PMC6 |
96 | GPG13: Symantec Endpoint Protection Policy Add, Delete, Modify | PMC3, PMC5, PMC6 |
97 | GPG13: TIBCO ActiveMatrix Administrator Permission Changed | PMC4, PMC7 |
98 | GPG13: vCenter Data Move | PMC7 |
99 | GPG13: vCenter Datastore Event | PMC7, PMC8 |
100 | GPG13: vCenter Delete Virtual Machine | PMC7 |
101 | GPG13: vCenter Firewall Policy Change | PMC3, PMC4 |
102 | GPG13: vCenter Orchestrator Datastore Events | PMC7, PMC8 |
103 | GPG13: vCenter Orchestrator Delete Virtual Machine | PMC7 |
104 | GPG13: vCenter Orchestrator Login Failed | PMC7 |
105 | GPG13: vCenter Orchestrator Virtual Machine Shutdown | PMC7 |
106 | GPG13: vCenter Permission Change | PMC7 |
107 | GPG13: vCenter Restart ESX Services | PMC4, PMC9 |
108 | GPG13: vCenter Shutdown or Restart ESX | PMC4, PMC9 |
109 | GPG13: vCenter User Login Failed | PMC7 |
110 | GPG13: vCenter User Login Successful | PMC7 |
111 | GPG13: vCenter Virtual Machine Shutdown | PMC7 |
112 | GPG13: vCenter Virtual Machine Started | PMC7 |
113 | GPG13: vCloud Director Login Failed | PMC7 |
114 | GPG13: vCloud Director Login Success | PMC7 |
115 | GPG13: vCloud Organization Modified | PMC7 |
116 | GPG13: vCloud User Created | PMC7 |
117 | GPG13: vCloud User, Group, or Role Modified | PMC7 |
118 | GPG13: vCloud vApp Created, Deleted, or Modified | PMC7 |
119 | GPG13: vCloud vDC Created, Modified, or Deleted | PMC7 |
120 | GPG13: vShield Edge Configuration Change | PMC3, PMC4, PMC5, PMC6 |
121 | GPG13: Windows Audit Log Cleared | PMC7 |
122 | GPG13: Windows Files Accessed | PMC7 |
123 | GPG13: Windows Passwords Changed | PMC5, PMC7 |
124 | GPG13: Windows Permissions Changed | PMC5, PMC7 |
125 | GPG13: Windows Policies Changed | PMC3, PMC4, PMC5, PMC6 |
126 | GPG13: Windows Programs Accessed | PMC4, PMC7 |
127 | GPG13: System Restarted | PMC4, PMC9 |
Copyright © Cloud Software Group, Inc. All rights reserved.