TIBCO LogLogic Alerts for NERC
The following table lists the alerts included in the LogLogic® Compliance Suite - NERC Edition.
Serial Number | TIBCO LogLogic Alert | Description |
---|---|---|
1 | NERC: Accounts Created | Alerts when a new account is created on servers. |
2 | NERC: Accounts Deleted | Alerts when an account is deleted on servers. |
3 | NERC: Accounts Enabled | Alerts when an account is enabled on servers. |
4 | NERC: Accounts Locked | Alerts when an account is locked on servers. |
5 | NERC: Accounts Modified | Alerts when an account is modified on servers. |
6 | NERC: Active Directory Changes | Alerts when changes are made within Active Directory. |
7 | NERC: Allowed Connections | Allowed firewall connections. |
8 | NERC: Anomalous IDS Alerts | Alerts when IDS anomalies are above or below the defined thresholds. |
9 | NERC: Check Point Policy Changed | Alerts when a Check Point firewall's policy is modified. |
10 | NERC: Cisco ISE, ACS Configuration Changed | Alerts when configuration changes are made to the Cisco ISE or Cisco SecureACS. |
11 | NERC: Cisco ISE, ACS Passwords Changed | Alerts when a user changes the password via Cisco ISE or Cisco SecureACS. |
12 | NERC: Cisco PIX, ASA, FWSM Commands Executed | Alerts when Cisco PIX, ASA, or FWSM commands are run. |
13 | NERC: Cisco PIX, ASA, FWSM Failover Disabled | Alerts when a Cisco PIX, ASA, or FWSM HA configuration is disabled. |
14 | NERC: Cisco PIX, ASA, FWSM Failover Errors | Alerts when an error has occurred during PIX, ASA, or FWSM failover. |
15 | NERC: Cisco PIX, ASA, FWSM Failover Performed | Alerts when a failover has occurred on the Cisco PIX, ASA, or FWSM devices. |
16 | NERC: Cisco PIX, ASA, FWSM Fragment Database Limit | The fragment database count has reached its limit on Cisco PIX, ASA, or FWSM devices. |
17 | NERC: Cisco PIX, ASA, FWSM Logon Failure | Notifies about login failure attempts to the Cisco PIX, ASA, or FWSM devices. |
18 | NERC: Cisco PIX, ASA, FWSM Logon Success | Notifies about successful login attempts to the Cisco PIX, ASA, or FWSM firewall. |
19 | NERC: Cisco PIX, ASA, FWSM NAT Failure | Notifies about failures in Network Address Translation (NAT) on the Cisco PIX, ASA, or FWSM. |
20 | NERC: Cisco PIX, ASA, FWSM Policy Changed | Alerts when a Cisco PIX, ASA, or FWSM firewall policy is modified. |
22 | NERC: Cisco PIX, ASA, FWSM Protocol Failure | Alerts about possible network protocol failures on the Cisco PIX, ASA, or FWSM devices. |
23 | NERC: System Restarted | Alerts when a system is restarted. |
24 | NERC: Cisco PIX, ASA, FWSM Routing Failure | Alerts when routing failure occurs in the Cisco PIX, ASA, or FWSM devices. |
25 | NERC: Cisco PIX, ASA, FWSM Shun Added | Alerts when a shun rule is added to the PIX, ASA, or FWSM configuration. |
26 | NERC: Cisco PIX, ASA, FWSM Shun Deleted | Alerts when a shun rule is removed from the PIX, ASA, or FWSM configuration. |
27 | NERC: Cisco PIX, ASA, FWSM VPN Tunnel Creation | A VPN tunnel is created on the Cisco PIX, ASA, or FWSM devices. |
28 | NERC: Cisco PIX, ASA, FWSM VPN Tunnel Teardown | Alerts when a VPN tunnel is removed on the Cisco PIX, ASA, or FWSM devices. |
29 | NERC: Cisco Switch Card Insert | Alerts when a card module is inserted into a switch. |
30 | NERC: Cisco Switch Device Reload | Alerts when a command to reload a Cisco switch is run. |
31 | NERC: Cisco Switch Device Restart | Alerts when a router or switch is rebooted. |
32 | NERC: Cisco Switch HA Failure (ver) | Alerts when an HA setup has version incompatibility issues. |
33 | NERC: Cisco Switch Interface Change | Alerts when network interfaces are going up or down. |
34 | NERC: Cisco Switch Interface Down | Alerts when a Cisco switch interface is going down. |
35 | NERC: Cisco Switch Interface Up | Alerts when the Cisco switch interface is back up. |
36 | NERC: Cisco Switch Policy Changed | Alerts when Cisco router or switch configuration is modified. |
37 | NERC: DB2 Database Configuration Change | Alerts when a configuration is changed on a DB2 database. |
38 | NERC: DB2 Database User Added or Dropped | Alerts when a user is added or dropped from a DB2 database. |
39 | NERC: Disallowed Services | Disallowed firewall services. |
40 | NERC: DNS Server Shutdown | Alerts when a DNS server is shut down. |
41 | NERC: DNS Server Started | Alerts when a DNS server is started. |
42 | NERC: Excessive IDS Attack | IDS anomalies using message volume threshold alerts. |
43 | NERC: F5 BIG-IP TMOS Risky Traffic | F5 BIG-IP TMOS traffic considered risky. |
44 | NERC: Group Members Added | Alerts when new members are added to user groups. |
45 | NERC: Group Members Deleted | Alerts when members are removed from user groups. |
46 | NERC: Groups Created | Alerts when new user groups are created. |
47 | NERC: Groups Deleted | Alerts when a user group is deleted. |
48 | NERC: Groups Modified | Alerts when a user group is modified. |
49 | NERC: Guardium SQL Guard Config Changes | Alerts when a configuration is changed on Guardium SQL Database. |
50 | NERC: Guardium SQL Guard Logins | Alerts when a user logs in to the Guardium SQL Database. |
51 | NERC: HP NonStop Audit Configuration Changed | Alerts when configuration changes are made to the HP NonStop Audit. |
52 | NERC: HP NonStop Audit Permission Changed | Alerts on HP NonStop Audit permission changed events. |
53 | NERC: IBM AIX Password Changed | Alerts when an account password is changed on IBM AIX servers. |
54 | NERC: Juniper Firewall HA State Change | Alerts when Juniper Firewall has changed its failover state. |
55 | NERC: Juniper Firewall Logon Failure | Login failure attempts to the Juniper Firewall. |
56 | NERC: Juniper Firewall Logon Success | Successful login attempts to the Juniper Firewall. |
57 | NERC: Juniper Firewall Peer Missing | Alerts when a Juniper Firewall HA peer is missing. |
58 | NERC: Juniper Firewall Policy Changes | Alerts when Juniper Firewall configuration is changed. |
59 | NERC: Juniper Firewall Policy Out of Sync | Alerts when the Juniper Firewall's policy is out of sync. |
60 | NERC: Juniper Firewall System Reset | Alerts when the Juniper Firewall is reset to system default. |
61 | NERC: Logins Failed | Alerts when login failures are over the defined threshold. |
62 | NERC: Logins Succeeded | Alerts when successful logins are over the defined threshold. |
63 | NERC: LogLogic DSM Configuration Changes | Alerts when a configuration is changed on LogLogic DSM database. |
64 | NERC: LogLogic DSM Logins | Alerts when a user logs into the LogLogic DSM database. |
65 | NERC: LogLogic File Retrieval Errors | Alerts when problems are detected during log file retrieval. |
66 | NERC: LogLogic Management Center Passwords Changed | Alerts when users have changed their passwords. |
67 | NERC: LogLogic Message Routing Errors | Alerts when problems are detected during message forwarding. |
68 | NERC: LogLogic Universal Collector Configuration Changed | Alerts when configuration changes are made to the LogLogic universal collector. |
69 | NERC: Microsoft Operations Manager - Permissions Changed | Alerts when user or group permissions have been changed. |
70 | NERC: Microsoft Operations Manager - Windows Passwords Changed | Alerts when users have changed their passwords. |
71 | NERC: Microsoft Operations Manager - Windows Policies Changed | Alerts when Windows policies changed. |
72 | NERC: Microsoft Operations Manager - Windows Server Restarted | Alerts when a Windows server is restarted. |
73 | NERC: Microsoft Sharepoint Content Deleted | Alerts on Microsoft Sharepoint content deleted events. |
74 | NERC: Microsoft Sharepoint Content Updated | Alerts on Microsoft Sharepoint content updated events. |
75 | NERC: Microsoft Sharepoint Permission Changed | Alerts on Microsoft Sharepoint permission changed events. |
76 | NERC: Microsoft Sharepoint Policies Added, Removed, Modified | Alerts on Microsoft Sharepoint policy additions, deletions, and modifications. |
77 | NERC: Neoteris Files Accessed | Identifies all files accessed through the Juniper SSL VPN. |
78 | NERC: NetApp Authentication Failure | Alerts when NetApp authentication failure events occur. |
79 | NERC: NetApp Bad File Handle | Alerts when a bad file handle is detected on a NetApp device. |
80 | NERC: NetApp Bootblock Update | Alerts when the bootblock is updated on a NetApp Filer. |
81 | NERC: NetApp Filer Audit Policies Changed | Alerts when NetApp Filer Audit policies changed. |
82 | NERC: NetApp Filer Disk Failure | Alerts when a disk fails on a NetApp Filer. |
83 | NERC: NetApp Filer Disk Inserted | Alerts when a disk is inserted in the NetApp Filer. |
84 | NERC: NetApp Filer Disk Missing | Alerts when a disk is missing on the NetApp Filer device. |
85 | NERC: NetApp Filer Disk Pulled | Alerts when a RAID disk is pulled from the Filer device. |
86 | NERC: NetApp Filer Disk Scrub Suspended | Alerts when the disk scrubbing process is suspended. |
87 | NERC: NetApp Filer File System Full | Alerts when the file system is full on the NetApp Filer device. |
88 | NERC: NetApp Filer NIS Group Update | Alerts when the NIS group is updated on the Filer device. |
89 | NERC: NetApp Filer Snapshot Error | Alerts when an error is detected during a NetApp Filer snapshot. |
90 | NERC: NetApp Filer Unauthorized Mounting | Alerts when an unauthorized mount event occurs. |
91 | NERC: Oracle Database Configuration Change | Alerts when an ALTER or an UPDATE command is executed on an Oracle database. |
92 | NERC: Oracle Database User Added or Deleted | Alerts when a user is added or deleted from an Oracle database. |
93 | NERC: Policy Violation | Firewall policy violations. |
94 | NERC: RACF Files Accessed | Alerts when files are accessed on the RACF servers. |
95 | NERC: RACF Passwords Changed | Alerts when users have changed their passwords. |
96 | NERC: RACF Permissions Changed | Alerts when user or group permissions have been changed. |
97 | NERC: Sidewinder Configuration Changed | Alerts when configuration changes are made to the Sidewinder. |
98 | NERC: Sybase ASE Database Config Changes | Alerts on Sybase ASE Database configuration change events. |
99 | NERC: Symantec Endpoint Protection Configuration Changed | Alerts when configuration changes are made to the Symantec Endpoint Protection. |
100 | NERC: Symantec Endpoint Protection Policy Add, Delete, Modify | Alerts on Symantec Endpoint Protection additions, deletions, and modifications. |
101 | NERC: System Anomalies | Detects and alerts any anomalies based on past log patterns. |
102 | NERC: TIBCO ActiveMatrix Administrator Permissions Changed | Alerts on TIBCO ActiveMatrix Administrator permission changed events. |
103 | NERC: UNIX Groups Added | Alerts when a new group is added to the UNIX/Linux servers. |
104 | NERC: UNIX Groups Deleted | Alerts when a user group is deleted on UNIX/Linux servers. |
105 | NERC: UNIX Groups Modified | Alerts when a user group is modified on UNIX/Linux servers. |
106 | NERC: UNIX Privilege Escalated | Alerts when a user has escalated privileges using commands such as su/sudo. |
107 | NERC: vCenter Create Virtual Machine | Alerts when a virtual machine is created from VMware vCenter console. |
108 | NERC: vCenter Data Move | Alerts when an entity is moved within the VMware vCenter infrastructure. |
109 | NERC: vCenter Datastore Event | Alerts on create, modify, and delete datastore events on VMware vCenter. |
110 | NERC: vCenter Delete Virtual Machine | Alerts when a virtual machine is deleted or removed from VMware vCenter console. |
111 | NERC: vCenter Firewall Policy Change | Alerts when changes are made to the VMware ESX allowed services firewall policy. |
112 | NERC: vCenter Orchestrator Create Virtual Machine | Alerts when a virtual machine is created from VMware vCenter Orchestrator console. |
113 | NERC: vCenter Orchestrator Data Move | Entity is moved within the VMware vCenter Orchestrator Infrastructure. |
114 | NERC: vCenter Orchestrator Datastore Events | Alerts on create, modify, and delete datastore events on VMware vCenter Orchestrator. |
115 | NERC: vCenter Orchestrator Delete Virtual Machine | Alerts when a virtual machine is deleted or removed from VMware vCenter Orchestrator console. |
116 | NERC: vCenter Orchestrator Login Failed | Failed logins to the VMware vCenter Orchestrator console. |
117 | NERC: vCenter Orchestrator Virtual Machine Shutdown | Virtual machine is shut down or paused from VMware vCenter Orchestrator console. |
118 | NERC: vCenter Orchestrator Virtual Machine Started | Virtual machine is started or resumed from VMware vCenter Orchestrator console. |
119 | NERC: vCenter Orchestrator vSwitch Add, Modify or Delete | vSwitch on VMware ESX server is added, modified or removed from vCenter Orchestrator. |
120 | NERC: vCenter Permission Change | Alerts when a permission role is added, changed, removed, or applied on VMware vCenter. |
121 | NERC: vCenter Restart ESX Services | Alerts when VMware vCenter restarted services running on VMware ESX Server. |
122 | NERC: vCenter Shutdown or Restart ESX | Alerts when VMware ESX Server is shut down from vCenter console. |
123 | NERC: vCenter User Login Failed | Alerts about failed logins to the VMware vCenter console. |
124 | NERC: vCenter User Login Successful | Alerts on successful logins to the VMware vCenter console. |
125 | NERC: vCenter Virtual Machine Shutdown | Alerts when a virtual machine is shut down or paused from VMware vCenter console. |
126 | NERC: vCenter Virtual Machine Started | Alerts when a virtual machine is started or resumed from VMware vCenter console. |
127 | NERC: vCenter vSwitch Add, Modify or Delete | Alerts when a vSwitch on VMware ESX server is added, modified or removed from vCenter. |
128 | NERC: vCloud Director Login Failed | Alerts on failed logins to the VMware vCloud Director console. |
129 | NERC: vCloud Director Login Success | Alerts on successful logins to the VMware vCloud Director console. |
130 | NERC: vCloud Organization Created | Alerts when an organization is successfully created on VMware vCloud Director. |
131 | NERC: vCloud Organization Deleted | Alerts when an organization is successfully deleted on VMware vCloud Director. |
132 | NERC: vCloud Organization Modified | Alerts when an organization is successfully modified on VMware vCloud Director. |
133 | NERC: vCloud User Created | Alerts when a user is successfully created on VMware vCloud Director. |
134 | NERC: vCloud User, Group, or Role Modified | Alerts when VMware vCloud Director user, group, or role is modified. |
135 | NERC: vCloud vApp Created, Deleted, or Modified | Alerts when VMware vCloud Director vApp is created, deleted, or modified. |
136 | NERC: vCloud vDC Created, Modified, or Deleted | Alerts when VMware vCloud Director Virtual Datacenters have been created, deleted, or modified. |
137 | NERC: vShield Edge Configuration Change | Alerts when configuration changes are made to VMware vShield Edge policies. |
138 | NERC: vShield Risky Traffic | Alerts when VMware vShield Edge traffic is considered risky. |
139 | NERC: Windows Audit Log Cleared | Alerts when audit logs on Windows servers have been cleared. |
140 | NERC: Windows Files Accessed | Shows files accessed on the Windows servers. |
141 | NERC: Windows Group Members Added | Alerts when new members are added to user groups on Windows servers. |
142 | NERC: Windows Group Members Deleted | Alerts when members are removed from user groups on Windows servers. |
143 | NERC: Windows Groups Created | Alerts when new user groups are created on Windows servers. |
144 | NERC: Windows Groups Deleted | Alerts when a user group is deleted on Windows servers. |
145 | NERC: Windows Groups Modified | Alerts when a user group is modified on Windows servers. |
146 | NERC: Windows Passwords Changed | Alerts when users have changed their passwords. |
147 | NERC: Windows Permissions Changed | Alerts when user or group permissions have been changed. |
148 | NERC: Windows Policies Changed | Alerts when Windows policies changed. |
149 | NERC: Windows Privileges Escalated | Alerts when a user or program has escalated the privileges. |
150 | NERC: System Restarted | Alerts when a system is restarted. |