TIBCO LogLogic Alerts for ISO/IEC 27002
The following table lists the alerts included in the TIBCO LogLogic® Compliance Suite - ISO Edition.
Serial Number | TIBCO LogLogic Alert | Description |
---|---|---|
1 | ISO: Accounts Created | Alert when a new account is created on servers. |
2 | ISO: Accounts Deleted | Alert when an account is deleted on servers. |
3 | ISO: Accounts Enabled | Alert when an account has been enabled on servers. |
4 | ISO: Accounts Locked | Alert when an account has been locked on servers. |
5 | ISO: Accounts Modified | Alert when an account is modified on servers. |
6 | ISO: Active Directory Changes | Alert when changes are made within Active Directory. |
7 | ISO: Anomalous Firewall Traffic | Alert when firewall traffic patterns are out of the norm. |
8 | ISO: Anomalous IDS Alerts | Alert when IDS anomalies are above or below defined thresholds. |
9 | ISO: Check Point Policy Changed | Alert when a Check Point firewall's policy has been modified. |
10 | ISO: Cisco ISE, ACS Configuration Changed | Alert when configuration changes are made to the Cisco ISE or Cisco SecureACS. |
11 | ISO: Cisco ISE, ACS Passwords Changed | Alert when a user changes their password via Cisco ISE or Cisco SecureACS. |
12 | ISO: Cisco PIX, ASA, FWSM Commands Executed | Alert when a Cisco PIX, ASA, or FWSM commands are executed. |
13 | ISO: Cisco PIX, ASA, FWSM Failover Disabled | Alert when a Cisco PIX, ASA, or FWSM HA configuration is disabled. |
14 | ISO: Cisco PIX, ASA, FWSM Failover Performed | Alert when a failover has occurred on the Cisco PIX, ASA, or FWSM devices. |
15 | ISO: Cisco PIX, ASA, FWSM Policy Changed | Alert when a Cisco PIX, ASA, or FWSM firewall policy has been modified. |
16 | ISO: Cisco PIX, ASA, FWSM Routing Failure | Alert when routing failure occurred in the Cisco PIX, ASA, or FWSM devices. |
17 | ISO: Cisco Switch Policy Changed | Alert when Cisco router or switch configuration has been modified. |
18 | ISO: CVS Source Code Repository Failed Access | Alert when access to CVS repository has failed. |
19 | ISO: DNS Server Shutdown | Alert when DNS Server has been shutdown. |
20 | ISO: DNS Server Started | Alert when DNS Server has been started. |
21 | ISO: Escalated Privileges | Alert when a user or program has escalated the privileges. |
22 | ISO: F5 BIG-IP TMOS Risky Traffic | F5 BIG-IP TMOS traffic considered risky. |
23 | ISO: F5 BIG-IP TMOS Traffic Besides SSH and SSL | F5 BIG-IP TMOS traffic besides SSH and SSL. |
24 | ISO: Firewall Traffic Besides SSL and SSH | Displays all traffic passing through the firewall that is not SSL or SSH. |
25 | ISO: Firewall Traffic Considered Risky | Alert on non HTTP, SSL, or SSH traffic passing through the firewall. |
26 | ISO: Group Members Added | Alert when new members are added to user groups. |
27 | ISO: Group Members Deleted | Alert when members are removed from user groups. |
28 | ISO: Groups Created | Alert when new user groups are created. |
29 | ISO: Groups Deleted | Alert when a user group is deleted. |
30 | ISO: Groups Modified | Alert when a user group has been modified. |
31 | ISO: Guardium SQL Guard Logins | Alert when a user logs into the Guardium SQL Database. |
32 | ISO: HP NonStop Audit Configuration Changed | Alert when configuration changes are made to the HP NonStop Audit. |
33 | ISO: HP NonStop Audit Permission Changed | Alerts on HP NonStop Audit permission changed events. |
34 | ISO: i5/OS Network Profile Changes | Alerts when any changes are made to an i5/OS network profile. |
35 | ISO: i5/OS Permission or Policy Change | Alerts when policies or permissions are changed on the i5/OS. |
36 | ISO: i5/OS Server or Service Status Change | Alerts when the i5/OS is restarted or a service stops or starts. |
37 | ISO: i5/OS Software Updates | Alert when events related to the i5/OS software updates. |
38 | ISO: i5/OS User Profile Changes | Alerts when a user profile is changed on the i5/OS. |
39 | ISO: IBM AIX Password Changed | Alert when an account password is changed on IBM AIX servers. |
40 | ISO: Juniper Firewall HA State Change | Alert when Juniper Firewall has changed its failover state. |
41 | ISO: Juniper Firewall Peer Missing | Alert when a Juniper Firewall HA peer is missing. |
42 | ISO: Juniper Firewall Policy Changes | Alert when Juniper firewall configuration is changed. |
43 | ISO: Juniper Firewall Policy Out of Sync | Alert when the Juniper Firewall’s policy is out of sync. |
44 | ISO: Juniper VPN Policy Change | Alert when Juniper VPN policy or configuration change. |
45 | ISO: Juniper VPN System Error | Alert when events related to the Juniper VPN system errors or failures are detected. |
46 | ISO: Logins Failed | Alert when login failures are over the defined threshold. |
47 | ISO: Logins Succeeded | Alert when successful logins are over the defined threshold. |
48 | ISO: LogLogic Disk Full | Alert when the LogLogic appliance's disk is near full. |
49 | ISO: LogLogic DSM Logins | Alert when a user logs into the LogLogic DSM database. |
50 | ISO: LogLogic File Retrieval Errors | Alert when problems are detected during log file retrieval. |
51 | ISO: LogLogic HA State Change | Alert when the LogLogic appliance failover state changes. |
52 | ISO: LogLogic Management Center Passwords Changed | Alert when users have changed their passwords. |
53 | ISO: LogLogic Management Center Upgrade Succeeded | Alert for successful events related to the system's upgrade. |
54 | ISO: LogLogic Message Routing Errors | Alert when problems are detected during message forwarding. |
55 | ISO: LogLogic NTP Service Stopped | Alert when the LogLogic NTP engine has stopped. |
56 | ISO: LogLogic Universal Collector Configuration Changed | Alert when configuration changes are made to the LogLogic Universal Collector. |
57 | ISO: Microsoft Operations Manager - Permissions Changed | Alert when user or group permissions have been changed. |
58 | ISO: Microsoft Operations Manager - Windows Passwords Changed | Alert when users have changed their passwords. |
59 | ISO: Microsoft Operations Manager - Windows Policies Changed | Alert when Windows policies changed. |
60 | ISO: Microsoft Sharepoint Permission Changed | Alerts on Microsoft Sharepoint permission changed events. |
61 | ISO: Microsoft Sharepoint Policies Added, Removed, Modified | Alerts on Microsoft Sharepoint policy additions, deletions, and modifications. |
62 | ISO: NetApp Authentication Failure | Alerts when NetApp authentication failure events occur. |
63 | ISO: NetApp Bad File Handle | Alerts when a bad file handle is detected on a NetApp device. |
64 | ISO: NetApp Filer Audit Policies Changed | Alert when NetApp Filer Audit policies changed. |
65 | ISO: NetApp Filer Disk Failure | Alert when a disk fails on a NetApp Filer. |
66 | ISO: NetApp Filer Disk Inserted | Alert when a disk is inserted into the NetApp Filer. |
67 | ISO: NetApp Filer Disk Missing | Alert when a disk is missing on the NetApp Filer device. |
68 | ISO: NetApp Filer Disk Pulled | Alert when a RAID disk has been pulled from the Filer device. |
69 | ISO: NetApp Filer File System Full | Alert when the file system is full on the NetApp Filer device. |
70 | ISO: NetApp Filer NIS Group Update | Alert when the NIS group has been updated on the Filer device. |
71 | ISO: NetApp Filer Snapshot Error | Alert when an error has been detected during a NetApp Filer snapshot. |
72 | ISO: NetApp Filer Unauthorized Mounting | Alert when an unauthorized mount event occurs. |
73 | ISO: NTP Daemon Exited | Alert when the NTP service has stopped. |
74 | ISO: NTP Server Unreachable | Alert when the remote NTP server is unreachable. |
75 | ISO: Pulse Connect Secure Policy Change | Alert when Pulse Connect Secure policy or configuration change. |
76 | ISO: Pulse Connect Secure System Error | Alert when events related to the Pulse Connect Secure system errors or failures are detected. |
77 | ISO: RACF Files Accessed | Alert when files are accessed on the RACF servers. |
78 | ISO: RACF Passwords Changed | Alert when users have changed their passwords. |
79 | ISO: RACF Permissions Changed | Alert when user or group permissions have been changed. |
80 | ISO: RACF Process Started | Alert whenever a process is run on a RACF server. |
81 | ISO: Sidewinder Configuration Changed | Alert when configuration changes are made to the Sidewinder. |
82 | ISO: Symantec Endpoint Protection Configuration Changed | Alert when configuration changes are made to the Symantec Endpoint Protection. |
83 | ISO: Symantec Endpoint Protection Policy Add, Delete, Modify | Alerts on Symantec Endpoint Protection additions, deletions, and modifications. |
84 | ISO: System Restarted | Alert when systems such as routers and switches have restarted. |
85 | ISO: TIBCO ActiveMatrix Administrator Permission Changed | Alerts on TIBCO ActiveMatrix Administrator permission changed events. |
86 | ISO: vCenter Create Virtual Machine | Alert when virtual machine has been created from VMware vCenter console. |
87 | ISO: vCenter Data Move | Alert when entity has been moved within the VMware vCenter infrastructure. |
88 | ISO: vCenter Datastore Event | Alert on create, modify, and delete datastore events on VMware vCenter. |
89 | ISO: vCenter Delete Virtual Machine | Alert when a virtual machine has been deleted or removed from VMware vCenter console. |
90 | ISO: vCenter Firewall Policy Change | Alert when changes to the VMware ESX allowed services firewall policy. |
91 | ISO: vCenter Orchestrator Create Virtual Machine | Virtual machine has been created from VMware vCenter Orchestrator console. |
92 | ISO: vCenter Orchestrator Data Move | Entity has been moved within the VMware vCenter Orchestrator infrastructure. |
93 | ISO: vCenter Orchestrator Datastore Events | Alerts on create, modify, and delete datastore events on VMware vCenter Orchestrator. |
94 | ISO: vCenter Orchestrator Delete Virtual Machine | Alert when a virtual machine has been deleted or removed from VMware vCenter Orchestrator console. |
95 | ISO: vCenter Orchestrator Login Failed | Failed logins to the VMware vCenter Orchestrator console. |
96 | ISO: vCenter Orchestrator Virtual Machine Shutdown | Virtual machine has been shutdown or paused from VMware vCenter Orchestrator console. |
97 | ISO: vCenter Orchestrator Virtual Machine Started | Virtual machine has been started or resumed from VMware vCenter Orchestrator console. |
98 | ISO: vCenter Orchestrator vSwitch Add, Modify or Delete | vSwitch on VMware ESX server has been added, modified or removed from vCenter Orchestrator. |
99 | ISO: vCenter Permission Change | Alert when a permission role has been added, changed, removed, or applied on VMware vCenter. |
100 | ISO: vCenter Restart ESX Services | Alert when VMware vCenter restarted services running on VMware ESX Server. |
101 | ISO: vCenter Shutdown or Restart ESX | Alert when VMware ESX Server is shutdown from vCenter console. |
102 | ISO: vCenter User Login Failed | Alert on failed logins to the VMware vCenter console. |
103 | ISO: vCenter User Login Successful | Alert on successful logins to the VMware vCenter console. |
104 | ISO: vCenter Virtual Machine Shutdown | Alert when virtual machine has been shutdown or paused from VMware vCenter console. |
105 | ISO: vCenter Virtual Machine Started | Alert when virtual machine has been started or resumed from VMware vCenter console. |
106 | ISO: vCenter vSwitch Add, Modify or Delete | Alert when vSwitch on VMware ESX server has been added, modified or removed from vCenter. |
107 | ISO: vCloud Director Login Failed | Alert on failed logins to the VMware vCloud Director console. |
108 | ISO: vCloud Director Login Success | Alert on successful logins to the VMware vCloud Director console. |
109 | ISO: vCloud Organization Created | Alert when organization successfully created on VMware vCloud Director. |
110 | ISO: vCloud Organization Deleted | Alert when organization successfully deleted on VMware vCloud Director. |
111 | ISO: vCloud Organization Modified | Alert when organization successfully modified on VMware vCloud Director. |
112 | ISO: vCloud User Created | Alert when a user successfully created on VMware vCloud Director. |
113 | ISO: vCloud User, Group, or Role Modified | Alert when VMware vCloud Director user, group, or role has been modified. |
114 | ISO: vCloud vApp Created, Deleted, or Modified | Alert when VMware vCloud Director vApp has been created, deleted, or modified. |
115 | ISO: vCloud vDC Created, Modified, or Deleted | Alert when VMware vCloud Director Virtual Datacenters have been created, deleted, or modified. |
116 | ISO: vShield Edge Configuration Change | Alert when configuration changes to VMware vShield Edge policies. |
117 | ISO: vShield Firewall Traffic Besides SSH and SSL | Alert on traffic besides SSH and SSL passing through vShield Firewall. |
118 | ISO: vShield Risky Traffic | Alert when VMware vShield Edge traffic considered risky. |
119 | ISO: Windows Audit Log Cleared | Alert when audit logs on Windows servers have been cleared. |
120 | ISO: Windows Files Accessed | Show files accessed on the Windows servers. |
121 | ISO: Windows Objects Create/Delete | Alert when system level objects have been created or deleted. |
122 | ISO: Windows Passwords Changed | Alert when users have changed their passwords. |
123 | ISO: Windows Permissions Changed | Alert when user or group permissions have been changed. |
124 | ISO: Windows Policies Changed | Alert when Windows policies changed. |
125 | ISO: Windows Process Started | Alert when a process has been started on a Windows server. |
126 | ISO: Windows Programs Accessed | Alerts when a program is accessed on a Windows server. |
127 | ISO: Windows Software Updates | Alert when events related to the Windows' software updates. |
128 | ISO: Windows Software Updates Failed | Alert when failed events related to the software updates. |
129 | ISO: Windows Software Updates Succeeded | Alert for successful events related to the software updates. |
130 | ISO: Microsoft Operations Manager - Windows Server Restarted | Alert when a Windows server has been restarted. |
Copyright © Cloud Software Group, Inc. All rights reserved.