Sub-Requirement 10.3

10.3 Record at least the following audit trail entries for all system components for each event:

  • 10.3.1 User identification
  • 10.3.2 Type of event
  • 10.3.3 Date and time
  • 10.3.4 Success or failure indication
  • 10.3.5 Origination of event
  • 10.3.6 Identity or name of affected data, system component, or resource
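A minimal completeness check for the six elements listed above, as an added example (not part of the TIBCO LogLogic product or its documentation). The key=value log format, the field names, and the rule that a timestamp must carry a UTC offset are assumptions of this example.

```python
import shlex
from datetime import datetime

# PCI DSS 10.3.x element -> field name in the constructed key=value format below.
# The field names are assumptions for this example, not a vendor schema.
REQUIRED = {
    "10.3.1": "user", "10.3.2": "event_type", "10.3.3": "ts",
    "10.3.4": "outcome", "10.3.5": "src", "10.3.6": "resource",
}

def parse_event(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def _valid(req, value):
    """Per-element check: present, and well-formed where a format is implied."""
    if not value or value in ("-", "unknown"):
        return False
    if req == "10.3.3":
        try:
            # Assumption of this example: require an explicit UTC offset so
            # events from different sources can be placed on one timeline.
            return datetime.fromisoformat(value).tzinfo is not None
        except ValueError:
            return False
    if req == "10.3.4":
        return value.lower() in ("success", "failure")
    return True

def missing_elements(line):
    """Return the 10.3.x sub-requirements a log line fails to satisfy."""
    event = parse_event(line)
    return [req for req, name in REQUIRED.items() if not _valid(req, event.get(name))]

# Constructed sample events (not real log data).
SAMPLES = [
    'ts=2024-05-01T12:00:03+00:00 user=jsmith event_type=authentication outcome=failure src=10.0.4.17 resource="db01:/cardholder"',
    'ts=2024-05-01T12:00:09 user=- event_type=web_access outcome=ok src=10.0.4.22',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(missing_elements(line) or "complete", "<-", line)
```

Running such a check against a sample from each log source shows which sources need additional logging configuration before their events can satisfy 10.3.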

Illustrative Controls and the TIBCO LogLogic Solution

Incident detection and response functions address how an organization identifies, documents and responds to events that fall outside of normal operations. Organizations must maintain a complete and accurate audit trail for network devices, servers and applications to enable this type of investigation.

By alerting on any failures that occur, administrators can respond rapidly to potential problems and incidents that might affect availability, security, or performance. Real-time data monitoring and reporting capabilities reduce time to repair after incidents, which reduces costs and improves application availability.

The TIBCO LogLogic® Log Management Intelligence (LMI) solution will automatically record the event date and time, event status (success or failure), event origin (log source IP address) and event type (firewall connection, access or authentication, IDS, E-Mail, or web access) for every single event. In addition, TIBCO LogLogic’s solution will identify all users, system components or resources within the events to help administrators correctly analyze the events.

The TIBCO LogLogic Dashboard for Log Source Status provides an up-to-date view of the log files that the TIBCO LogLogic Appliance is collecting.

Reports and Alerts

Use the following link/reference to see the 10.3 reports and alerts: 10.3.1 on page 141.