TIBCO LogLogic Alerts for NERC

The following table lists the alerts included in theLogLogic® Compliance Suite - NERC Edition.

Serial Number TIBCO LogLogic Alert Description
1 NERC: Accounts Created Alerts when a new account is created on servers.
2 NERC: Accounts Deleted Alerts when an account is deleted on servers.
3 NERC: Accounts Enabled Alerts when an account is enabled on servers.
4 NERC: Accounts Locked Alerts when an account is locked on servers.
5 NERC: Accounts Modified Alerts when an account is modified on servers.
6 NERC: Active Directory Changes Alerts when changes are made within Active Directory.
7 NERC: Allowed Connections Allowed firewall connections.
8 NERC: Anomalous IDS Alerts Alerts when IDS anomalies are above or below the defined thresholds.
9 NERC: Check Point Policy Changed Alerts when a Check Point firewall's policy is modified.
10 NERC: Cisco ISE, ACS Configuration Changed Alerts when configuration changes are made to the Cisco ISE or Cisco SecureACS.
11 NERC: Cisco ISE, ACS Passwords Changed Alerts when a user changes the password via Cisco ISE or Cisco SecureACS.
12 NERC: Cisco PIX, ASA, FWSM Commands Executed Alerts when Cisco PIX, ASA, or FWSM commands are run.
13 NERC: Cisco PIX, ASA, FWSM Failover Disabled Alerts when a Cisco PIX, ASA, or FWSM HA configuration is disabled.
14 NERC: Cisco PIX, ASA, FWSM Failover Errors Alerts when an error has occurred during PIX, ASA, or FWSM failover.
15 NERC: Cisco PIX, ASA, FWSM Failover Performed Alerts when a failover has occurred on the Cisco PIX, ASA, or FWSM devices.
16 NERC: Cisco PIX, ASA, FWSM Fragment Database Limit The fragment database count has reached on Cisco PIX, ASA, or FWSM devices.
17 NERC: Cisco PIX, ASA, FWSM Logon Failure Notifies about login failure attempts to the Cisco PIX, ASA, or FWSM devices.
18 NERC: Cisco PIX, ASA, FWSM Logon Success Notifies about successful login attempts to the Cisco PIX, ASA, or FWSM firewall.
19 NERC: Cisco PIX, ASA, FWSM NAT Failure Notifies about failures in Network Address Translation (NAT) on the Cisco PIX, ASA, or FWSM.
20 NERC: Cisco PIX, ASA, FWSM Policy Changed Alerts when a Cisco PIX, ASA, or FWSM firewall policy is modified.
22 NERC: Cisco PIX, ASA, FWSM Protocol Failure Alerts about possible network protocol failures on the Cisco PIX, ASA, or FWSM devices.
23 NERC: System Restarted Alerts when system is restarted.
24 NERC: Cisco PIX, ASA, FWSM Routing Failure Alerts when routing failure occurs in the Cisco PIX, ASA, or FWSM devices.
25 NERC: Cisco PIX, ASA, FWSM Shun Added Alerts when a shun rule is added to the PIX, ASA, or FWSM configuration.
26 NERC: Cisco PIX, ASA, FWSM Shun Deleted Alerts when a shun rule is removed from the PIX, ASA, or FWSM configuration.
27 NERC: Cisco PIX, ASA, FWSM VPN Tunnel Creation A VPN tunnel is created on the Cisco PIX, ASA, or FWSM devices.
28 NERC: Cisco PIX, ASA, FWSM VPN Tunnel Teardown Alers twhen a VPN tunnel is removed on the Cisco PIX, ASA, or FWSM devices.
29 NERC: Cisco Switch Card Insert Alerts when a card module is inserted into a switch.
30 NERC: Cisco Switch Device Reload Alerts when a command to reload a Cisco switch is run.
31 NERC: Cisco Switch Device Restart Alerts when a router or switch is rebooted.
32 NERC: Cisco Switch HA Failure (ver) Alerts when an HA setup has version incompatibility issues.
33 NERC: Cisco Switch Interface Change Alerts when network interfaces are going up or down.
34 NERC: Cisco Switch Interface Down Alerts when Cisco switch interface is going down.
35 NERC: Cisco Switch Interface Up Alerts when the Cisco switch interface is back up.
36 NERC: Cisco Switch Policy Changed Alerts when Cisco router or switch configuration is modified.
37 NERC: DB2 Database Configuration Change Alerts when a configuration is changed on a DB2 database.
38 NERC: DB2 Database User Added or Dropped Alerts when a user is added or dropped from a DB2 database.
39 NERC: Disallowed Services Disallowed firewall services.
40 NERC: DNS Server Shutdown Alerts when DNS server is shut down.
41 NERC: DNS Server Started Alerts when DNS server is started.
42 NERC: Excessive IDS Attack IDS anomalies using message volume threshold alerts.
43 NERC: F5 BIG-IP TMOS Risky Traffic F5 BIG-IP TMOS traffic considered risky.
44 NERC: Group Members Added Alerts when new members are added to user groups.
45 NERC: Group Members Deleted Alerts when members are removed from user groups.
46 NERC: Groups Created Alerts when new user groups are created.
47 NERC: Groups Deleted Alerts when a user group is deleted.
48 NERC: Groups Modified Alerts when a user group is modified.
49 NERC: Guardium SQL Guard Config Changes Alerts when a configuration is changed on Guardium SQL Database.
50 NERC: Guardium SQL Guard Logins Alerts when a user logs in to the Guardium SQL Database.
51 NERC: HP NonStop Audit Configuration Changed Alerts when configuration changes are made to the HP NonStop Audit.
52 NERC: HP NonStop Audit Permission Changed Alerts on HP NonStop Audit permission changed events.
53 NERC: IBM AIX Password Changed Alerts when an account password is changed on IBM AIX servers.
54 NERC: Juniper Firewall HA State Change Alerts when Juniper Firewall has changed its failover state.
55 NERC: Juniper Firewall Logon Failure Login failure attempts to the Juniper Firewall.
56 NERC: Juniper Firewall Logon Success Successful login attempts to the Juniper Firewall.
57 NERC: Juniper Firewall Peer Missing Alerts when a Juniper Firewall HA peer is missing.
58 NERC: Juniper Firewall Policy Changes Alerts when Juniper Firewall configuration is changed.
59 NERC: Juniper Firewall Policy Out of Sync Alerts when the Juniper Firewall's policy is out of sync.
60 NERC: Juniper Firewall System Reset Alerts when the Juniper Firewall is reset to system default.
61 NERC: Logins Failed Alerts when login failures are over the defined threshold.
62 NERC: Logins Succeeded Alerts when successful logins are over the defined threshold.
63 NERC: LogLogic DSM Configuration Changes Alerts when a configuration is changed on LogLogic DSM database.
64 NERC: LogLogic DSM Logins Alerts when a user logs into the LogLogic DSM database.
65 NERC: LogLogic File Retrieval Errors Alerts when problems are detected during log file retrieval.
66 NERC: LogLogic Management Center Passwords Changed Alerts when users have changed their passwords.
67 NERC: LogLogic Message Routing Errors Alerts when problems are detected during message forwarding.
68 NERC: LogLogic Universal Collector Configuration Changed Alerts when configuration changes are made to the LogLogic universal collector.
69 NERC: Microsoft Operations Manager - Permissions Changed Alerts when user or group permissions have been changed.
70 NERC: Microsoft Operations Manager - Windows Passwords Changed Alerts when users have changed their passwords.
71 NERC: Microsoft Operations Manager - Windows Policies Changed Alerts when Windows policies changed.
72 NERC: Microsoft Operations Manager - Windows Server Restarted Alerts when a Windows server is restarted.
73 NERC: Microsoft Sharepoint Content Deleted Alerts on Microsoft Sharepoint content deleted events.
74 NERC: Microsoft Sharepoint Content Updated Alerts on Microsoft Sharepoint content updated events.
75 NERC: Microsoft Sharepoint Permission Changed Alerts on Microsoft Sharepoint permission changed events.
76 NERC: Microsoft Sharepoint Policies Added, Removed, Modified Alerts on Microsoft Sharepoint policy additions, deletions, and modifications.
77 NERC: Neoteris Files Accessed Identifies all files accessed through the Juniper SSL VPN.
78 NERC: NetApp Authentication Failure Alerts when NetApp authentication failure events occur.
79 NERC: NetApp Bad File Handle Alerts when a bad file handle is detected on a NetApp device.
80 NERC: NetApp Bootblock Update Alerts when the bootblock is updated on a NetApp Filer.
81 NERC: NetApp Filer Audit Policies Changed Alerts when NetApp Filer Audit policies changed.
82 NERC: NetApp Filer Disk Failure Alerts when a disk fails on a NetApp Filer.
83 NERC: NetApp Filer Disk Inserted Alerts when a disk is inserted in the NetApp Filer.
84 NERC: NetApp Filer Disk Missing Alerts when a disk is missing on the NetApp Filer device.
85 NERC: NetApp Filer Disk Pulled Alerts when a RAID disk is pulled from the Filer device.
86 NERC: NetApp Filer Disk Scrub Suspended Alerts when the disk scrubbing process is suspended.
87 NERC: NetApp Filer File System Full Alerts when the file system is full on the NetApp Filer device.
88 NERC: NetApp Filer NIS Group Update Alerts when the NIS group is updated on the Filer device.
89 NERC: NetApp Filer Snapshot Error Alerts when an error is detected during a NetApp Filer snapshot.
90 NERC: NetApp Filer Unauthorized Mounting Alerts when an unauthorized mount event occurs.
91 NERC: Oracle Database Configuration Change Alerts when an ALTER or an UPDATE command is executed on an Oracle database.
92 NERC: Oracle Database User Added or Deleted Alerts when a user is added or deleted from an Oracle database.
93 NERC: Policy Violation Firewall policy violations.
94 NERC: RACF Files Accessed Alerts when files are accessed on the RACF servers.
95 NERC: RACF Passwords Changed Alerts when users have changed their passwords.
96 NERC: RACF Permissions Changed Alerts when user or group permissions have been changed.
97 NERC: Sidewinder Configuration Changed Alerts when configuration changes are made to the Sidewinder.
98 NERC: Sybase ASE Database Config Changes Alerts on Sybase ASE Database configuration change events.
99 NERC: Symantec Endpoint Protection Configuration Changed Alerts when configuration changes are made to the Symantec Endpoint Protection.
100 NERC: Symantec Endpoint Protection Policy Add, Delete, Modify Alerts on Symantec Endpoint Protection additions, deletions, and modifications.
101 NERC: System Anomalies Detects and alerts any anomalies based on past log patterns.
102 NERC: TIBCO ActiveMatrix Administrator Permissions Changed Alerts on TIBCO ActiveMatrix Administrator permission changed events.
103 NERC: UNIX Groups Added Alerts when a new group is added to the UNIX/Linux servers.
104 NERC: UNIX Groups Deleted Alerts when a user group is deleted on UNIX/Linux servers.
105 NERC: UNIX Groups Modified Alerts when a user group is modified on UNIX/Linux servers.
106 NERC: UNIX Privilege Escalated Alerts when a user has escalated privileges using commands such as su/sudo.
107 NERC: vCenter Create Virtual Machine Alerts when virtual machine is created from VMware vCenter console.
108 NERC: vCenter Data Move Alerts when entity is moved within the VMware vCenter infrastructure.
109 NERC: vCenter Datastore Event Alert on create, modify, and delete datastore events on VMware vCenter.
110 NERC: vCenter Delete Virtual Machine Alerts when a virtual machine is deleted or removed from VMware vCenter console.
111 NERC: vCenter Firewall Policy Change Alerts when changes to the VMware ESX allowed services firewall policy.
112 NERC: vCenter Orchestrator Create Virtual Machine Alerts when a virtual machine is created from VMware vCenter Orchestrator console.
113 NERC: vCenter Orchestrator Data Move Entity is moved within the VMware vCenter Orchestrator Infrastructure.
114 NERC: vCenter Orchestrator Datastore Events Alerts on create, modify, and delete datastore events on VMware vCenter Orchestrator.
115 NERC: vCenter Orchestrator Delete Virtual Machine Alerts when a virtual machine is deleted or removed from VMware vCenter Orchestrator console.
116 NERC: vCenter Orchestrator Login Failed Failed logins to the VMware vCenter Orchestrator console.
117 NERC: vCenter Orchestrator Virtual Machine Shutdown Virtual machine is shut down or paused from VMware vCenter Orchestrator console.
118 NERC: vCenter Orchestrator Virtual Machine Started Virtual machine is started or resumed from VMware vCenter Orchestrator console.
119 NERC: vCenter Orchestrator vSwitch Add, Modify or Delete vSwitch on VMware ESX server is added, modified or removed from vCenter Orchestrator.
120 NERC: vCenter Permission Change Alerts when a permission role is added, changed, removed, or applied on VMware vCenter.
121 NERC: vCenter Restart ESX Services Alerts when VMware vCenter restarted services running on VMware ESX Server.
122 NERC: vCenter Shutdown or Restart ESX Alerts when VMware ESX Server is shut down from vCenter console.
123 NERC: vCenter User Login Failed Alerts about failed logins to the VMware vCenter console
124 NERC: vCenter User Login Successful Alerts on successful logins to the VMware vCenter console.
125 NERC: vCenter Virtual Machine Shutdown Alerts when a virtual machine is shut down or paused from VMware vCenter console.
126 NERC: vCenter Virtual Machine Started Alerts when a virtual machine is started or resumed from VMware vCenter console.
127 NERC: vCenter vSwitch Add, Modify or Delete Alerts when a vSwitch on VMware ESX server is added, modified or removed from vCenter.
128 NERC: vCloud Director Login Failed Alert on failed logins to the VMware vCloud Director console.
129 NERC: vCloud Director Login Success Alert on successful logins to the VMware vCloud Director console.
130 NERC: vCloud Organization Created Alerts when organization successfully created on VMware vCloud Director.
131 NERC: vCloud Organization Deleted Alerts when organization successfully deleted on VMware vCloud Director.
132 NERC: vCloud Organization Modified Alerts when organization successfully modified on VMware vCloud Director.
133 NERC: vCloud User Created Alerts when a user successfully created on VMware vCloud Director.
134 NERC: vCloud User, Group, or Role Modified Alerts when VMware vCloud Director user, group, or role is modified.
135 NERC: vCloud vApp Created, Deleted, or Modified Alerts when VMware vCloud Director vApp is created, deleted, or modified.
136 NERC: vCloud vDC Created, Modified, or Deleted Alerts when VMware vCloud Director Virtual Datacenters have been created, deleted, or modified.
137 NERC: vShield Edge Configuration Change Alerts when configuration changes to VMware vShield Edge policies.
138 NERC: vShield Risky Traffic Alerts when VMware vShield Edge traffic considered risky.
139 NERC: Windows Audit Log Cleared Alerts when audit logs on Windows servers have been cleared.
140 NERC: Windows Files Accessed Show files accessed on the Windows servers.
141 NERC: Windows Group Members Added Alerts when new members are added to user groups on Windows servers.
142 NERC: Windows Group Members Deleted Alerts when members are removed from user groups on Windows servers.
143 NERC: Windows Groups Created Alerts when new user groups are created on Windows servers.
144 NERC: Windows Groups Deleted Alerts when a user group is deleted on Windows servers.
145 NERC: Windows Groups Modified Alerts when a user group is modified on Windows servers.
146 NERC: Windows Passwords Changed Alerts when users have changed their passwords.
147 NERC: Windows Permissions Changed Alerts when user or group permissions have been changed.
148 NERC: Windows Policies Changed Alerts when Windows policies changed.
149 NERC: Windows Privileges Escalated Alerts when a user or program has escalated the privileges.
150 NERC: System Restarted Alerts when system is restarted.