TIBCO LogLogic Alerts for PCI
The following table lists the alerts included in the TIBCO LogLogic® Compliance Suite - PCI Edition.
Serial Number | TIBCO LogLogic Alert | Description |
---|---|---|
1 | PCI: Accounts Created | Alerts when a new account is created on servers. |
2 | PCI: Accounts Deleted | Alerts when an account is deleted on servers. |
3 | PCI: Accounts Enabled | Alerts when an account has been enabled on servers. |
4 | PCI: Accounts Locked | Alerts when an account has been locked on servers. |
5 | PCI: Accounts Modified | Alerts when an account is modified on servers. |
6 | PCI: Active Directory Changes | Alerts when changes are made within Active Directory. |
7 | PCI: Anomalous Firewall Traffic | Alerts when firewall traffic patterns are out of the norm. |
8 | PCI: Anomalous IDS Alerts | Alerts when IDS anomalies are above or below defined thresholds. |
9 | PCI: Check Point Policy Changed | Alerts when a Check Point firewall's policy has been modified. |
10 | PCI: Cisco ISE, ACS Configuration Changed | Alerts when configuration changes are made to the Cisco ISE or Cisco SecureACS. |
11 | PCI: Cisco ISE, ACS Passwords Changed | Alerts when a user changes their password via Cisco ISE or Cisco SecureACS. |
12 | PCI: Cisco PIX, ASA, FWSM HA State Change | Alerts when Cisco PIX, ASA, or FWSM has changed its failover state. |
13 | PCI: Cisco PIX, ASA, FWSM Commands Executed | Alerts when Cisco PIX, ASA, or FWSM commands are executed. |
14 | PCI: Cisco PIX, ASA, FWSM Failover Disabled | Alerts when a Cisco PIX, ASA, or FWSM HA configuration is disabled. |
15 | PCI: Cisco PIX, ASA, FWSM Failover Performed | Alerts when a failover has occurred on the Cisco PIX, ASA, or FWSM devices. |
16 | PCI: Cisco PIX, ASA, FWSM Policy Changed | Alerts when a Cisco PIX, ASA, or FWSM firewall policy has been modified. |
17 | PCI: Cisco PIX, ASA, FWSM Routing Failure | Alerts when a routing failure has occurred in the Cisco PIX, ASA, or FWSM devices. |
18 | PCI: Cisco Switch Policy Changed | Alerts when Cisco router or switch configuration has been modified. |
19 | PCI: DB2 Database Configuration Change | Alerts when a configuration is changed on a DB2 database. |
20 | PCI: DB2 Database User Added or Dropped | Alerts when a user is added or dropped from a DB2 database. |
21 | PCI: DNS Server Shutdown | Alerts when the DNS Server has been shut down. |
22 | PCI: DNS Server Started | Alerts when the DNS Server has been started. |
23 | PCI: Escalated Privileges | Alerts when a user or program has escalated privileges. |
24 | PCI: F5 BIG-IP TMOS Risky Traffic | F5 BIG-IP TMOS traffic considered risky. |
25 | PCI: F5 BIG-IP TMOS Traffic Besides HTTP, SSH and SSL | F5 BIG-IP TMOS traffic besides HTTP, SSH and SSL. |
26 | PCI: F5 BIG-IP TMOS Traffic Besides SSH and SSL | F5 BIG-IP TMOS traffic besides SSH and SSL. |
27 | PCI: Firewall Traffic Besides HTTP, SSL and SSH | Alerts on traffic besides HTTP, SSL & SSH passing the firewall. |
28 | PCI: Firewall Traffic Considered Risky | Alerts on non HTTP, SSL, or SSH traffic passing through the firewall. |
29 | PCI: Group Members Added | Alerts when new members are added to user groups. |
30 | PCI: Group Members Deleted | Alerts when members are removed from user groups. |
31 | PCI: Groups Created | Alerts when new user groups are created. |
32 | PCI: Groups Deleted | Alerts when a user group is deleted. |
33 | PCI: Groups Modified | Alerts when a user group has been modified. |
34 | PCI: Guardium SQL Guard Config Changes | Alerts when a configuration is changed on Guardium SQL Database. |
35 | PCI: Guardium SQL Guard Data Access | Alerts when a select statement is made on Guardium SQL Database. |
36 | PCI: Guardium SQL Guard Logins | Alerts when a user logs into the Guardium SQL Database. |
37 | PCI: HP NonStop Audit Configuration Changed | Alerts when configuration changes are made to the HP NonStop Audit. |
38 | PCI: HP NonStop Audit Permission Changed | Alerts on HP NonStop Audit permission changed events. |
39 | PCI: i5/OS Network Profile Changes | Alerts when any changes are made to an i5/OS network profile. |
40 | PCI: i5/OS Permission or Policy Change | Alerts when policies or permissions are changed on the i5/OS. |
41 | PCI: i5/OS Server or Service Status Change | Alerts when the i5/OS is restarted or a service stops or starts. |
42 | PCI: i5/OS Software Updates | Alerts on events related to i5/OS software updates. |
43 | PCI: i5/OS User Profile Changes | Alerts when a user profile is changed on the i5/OS. |
44 | PCI: IBM AIX Password Changed | Alerts when an account password is changed on IBM AIX servers. |
45 | PCI: Juniper Firewall HA State Change | Alerts when Juniper Firewall has changed its failover state. |
46 | PCI: Juniper Firewall Peer Missing | Alerts when a Juniper Firewall HA peer is missing. |
47 | PCI: Juniper Firewall Policy Changes | Alerts when Juniper Firewall configuration is changed. |
48 | PCI: Juniper Firewall Policy Out of Sync | Alerts when the Juniper Firewall's policy is out of sync. |
49 | PCI: Logins Failed | Alerts when login failures are over the defined threshold. |
50 | PCI: Logins Succeeded | Alerts when successful logins are over the defined threshold. |
51 | PCI: LogLogic Disk Full | Alerts when the LogLogic appliance's disk is near full. |
52 | PCI: LogLogic DSM Configuration Changes | Alerts when a configuration is changed on LogLogic DSM database. |
53 | PCI: LogLogic DSM Data Access | Alerts when a select statement is made on LogLogic DSM database. |
54 | PCI: LogLogic DSM Logins | Alerts when a user logs into the LogLogic DSM database. |
55 | PCI: LogLogic Management Center Passwords Changed | Alerts when users have changed their passwords. |
56 | PCI: LogLogic Management Center Upgrade Succeeded | Alerts for successful events related to the system's upgrade. |
57 | PCI: LogLogic Message Routing Errors | Alerts when problems are detected during message forwarding. |
58 | PCI: LogLogic Universal Collector Configuration Changed | Alerts when configuration changes are made to the LogLogic universal collector. |
59 | PCI: Microsoft Operations Manager - Permissions Changed | Alerts when user or group permissions have been changed. |
60 | PCI: Microsoft Operations Manager - Windows Passwords Changed | Alerts when users have changed their passwords. |
61 | PCI: Microsoft Operations Manager - Windows Policies Changed | Alerts when Windows policies changed. |
62 | PCI: LogLogic File Retrieval Errors | Alerts when problems are detected during log file retrieval. |
63 | PCI: Microsoft Sharepoint Content Deleted | Alerts on Microsoft Sharepoint content deleted events. |
64 | PCI: Microsoft Sharepoint Content Updated | Alerts on Microsoft Sharepoint content updated events. |
65 | PCI: Microsoft Sharepoint Permission Changed | Alerts on Microsoft Sharepoint permission changed events. |
66 | PCI: Microsoft Sharepoint Policies Added, Removed, Modified | Alerts on Microsoft Sharepoint policy additions, deletions, and modifications. |
67 | PCI: Microsoft Operations Manager Server Restarted | Alerts when a Windows server is restarted. |
68 | PCI: NetApp Authentication Failure | Alerts when NetApp authentication failure events occur. |
69 | PCI: NetApp Bad File Handle | Alerts when a bad file handle is detected on a NetApp device. |
70 | PCI: NetApp Bootblock Update | Alerts when the bootblock has been updated on a NetApp Filer. |
71 | PCI: NetApp Filer Audit Policies Changed | Alerts when NetApp Filer Audit policies changed. |
72 | PCI: NetApp Filer Disk Failure | Alerts when a disk fails on a NetApp Filer. |
73 | PCI: NetApp Filer Disk Inserted | Alerts when a disk is inserted into the NetApp Filer device. |
74 | PCI: NetApp Filer Disk Missing | Alerts when a disk is missing on the NetApp Filer device. |
75 | PCI: NetApp Filer Disk Pulled | Alerts when a RAID disk has been pulled from the Filer device. |
76 | PCI: NetApp Filer Disk Scrub Suspended | Alerts when the disk scrubbing process has been suspended. |
77 | PCI: NetApp Filer File System Full | Alerts when the file system is full on the NetApp Filer device. |
78 | PCI: NetApp Filer NIS Group Update | Alerts when the NIS group has been updated on the Filer device. |
79 | PCI: NetApp Filer Snapshot Error | Alerts when an error has been detected during a NetApp Filer snapshot. |
80 | PCI: NetApp Filer Unauthorized Mounting | Alerts when an unauthorized mount event occurs. |
81 | PCI: Oracle Database Configuration Change | Alerts when an ALTER or UPDATE command is executed on Oracle databases. |
82 | PCI: Oracle Database Data Access | Alerts when Oracle tables are accessed. |
83 | PCI: Oracle Database Permissions Changed | Alerts when permissions are changed on Oracle databases. |
84 | PCI: Oracle Database User Added or Deleted | Alerts when a user is added or deleted from an Oracle database. |
85 | PCI: RACF Files Accessed | Alerts when files are accessed on the RACF servers. |
86 | PCI: RACF Passwords Changed | Alerts when users have changed their passwords. |
87 | PCI: RACF Permissions Changed | Alerts when user or group permissions have been changed. |
88 | PCI: RACF Process Started | Alerts whenever a process is run on a RACF server. |
89 | PCI: Sidewinder Configuration Changed | Alerts when configuration changes are made to the Sidewinder. |
90 | PCI: Sybase ASE Database Config Changes | Alerts on Sybase ASE Database configuration change events. |
91 | PCI: Sybase ASE Database Data Access | Alerts on Sybase ASE Database data access events. |
92 | PCI: Symantec Endpoint Protection Configuration Changed | Alerts when configuration changes are made to the Symantec Endpoint Protection. |
93 | PCI: Symantec Endpoint Protection Policy Add, Delete, Modify | Alerts on Symantec Endpoint Protection additions, deletions, and modifications. |
94 | PCI: System Restarted | Alerts when systems such as routers and switches have restarted. |
95 | PCI: TIBCO ActiveMatrix Administrator Permission Changed | Alerts on TIBCO ActiveMatrix Administrator permission changed events. |
96 | PCI: vCenter Create Virtual Machine | Alerts when a virtual machine has been created from the VMware vCenter console. |
97 | PCI: vCenter Data Move | Alerts when an entity has been moved within the VMware vCenter infrastructure. |
98 | PCI: vCenter Datastore Event | Alerts on create, modify, and delete datastore events on VMware vCenter. |
99 | PCI: vCenter Delete Virtual Machine | Alerts when a virtual machine has been deleted or removed from the VMware vCenter console. |
100 | PCI: vCenter Firewall Policy Change | Alerts on changes to the VMware ESX allowed services firewall policy. |
101 | PCI: vCenter Orchestrator Create Virtual Machine | Virtual machine has been created from VMware vCenter Orchestrator console. |
102 | PCI: vCenter Orchestrator Data Move | Entity has been moved within the VMware vCenter Orchestrator infrastructure. |
103 | PCI: vCenter Orchestrator Datastore Events | Alerts on create, modify, and delete datastore events on VMware vCenter Orchestrator. |
104 | PCI: vCenter Orchestrator Delete Virtual Machine | Alerts when a virtual machine has been deleted or removed from VMware vCenter Orchestrator console. |
105 | PCI: vCenter Orchestrator Login Failed | Failed logins to the VMware vCenter Orchestrator console. |
106 | PCI: vCenter Orchestrator Virtual Machine Shutdown | Virtual machine has been shut down or paused from the VMware vCenter Orchestrator console. |
107 | PCI: vCenter Orchestrator Virtual Machine Started | Virtual machine has been started or resumed from the VMware vCenter Orchestrator console. |
108 | PCI: vCenter Orchestrator vSwitch Add, Modify or Delete | vSwitch on VMware ESX server has been added, modified or removed from vCenter Orchestrator. |
109 | PCI: vCenter Permission Change | Alerts when a permission role has been added, changed, removed, or applied on VMware vCenter. |
110 | PCI: vCenter Restart ESX Services | Alerts when VMware vCenter has restarted services running on VMware ESX Server. |
111 | PCI: vCenter Shutdown or Restart ESX | Alerts when VMware ESX Server is shut down from the vCenter console. |
112 | PCI: vCenter User Login Failed | Alerts on failed logins to the VMware vCenter console. |
113 | PCI: vCenter User Login Successful | Alerts on successful logins to the VMware vCenter console. |
114 | PCI: vCenter Virtual Machine Shutdown | Alerts when a virtual machine has been shut down or paused from the VMware vCenter console. |
115 | PCI: vCenter Virtual Machine Started | Alerts when a virtual machine has been started or resumed from the VMware vCenter console. |
116 | PCI: vCenter vSwitch Add, Modify or Delete | Alerts when a vSwitch on a VMware ESX server has been added, modified or removed from vCenter. |
117 | PCI: vCloud Director Login Failed | Alerts on failed logins to the VMware vCloud Director console. |
118 | PCI: vCloud Director Login Success | Alerts on successful logins to the VMware vCloud Director console. |
119 | PCI: vCloud Organization Created | Alerts when an organization is successfully created on VMware vCloud Director. |
120 | PCI: vCloud Organization Deleted | Alerts when an organization is successfully deleted on VMware vCloud Director. |
121 | PCI: vCloud Organization Modified | Alerts when an organization is successfully modified on VMware vCloud Director. |
122 | PCI: vCloud User Created | Alerts when a user is successfully created on VMware vCloud Director. |
123 | PCI: vCloud User, Group, or Role Modified | Alerts when VMware vCloud Director user, group, or role has been modified. |
124 | PCI: vCloud vApp Created, Deleted, or Modified | Alerts when VMware vCloud Director vApp has been created, deleted, or modified. |
125 | PCI: vCloud vDC Created, Modified, or Deleted | Alerts when VMware vCloud Director Virtual Datacenters have been created, deleted, or modified. |
126 | PCI: vShield Edge Configuration Change | Alerts on configuration changes to VMware vShield Edge policies. |
127 | PCI: vShield Firewall Traffic Besides HTTP, SSH and SSL | VMware vShield Edge traffic besides HTTP, SSH and SSL. |
128 | PCI: vShield Firewall Traffic Besides SSH and SSL | Alerts on traffic besides SSH and SSL passing through vShield Firewall. |
129 | PCI: vShield Risky Traffic | Alerts when VMware vShield Edge traffic is considered risky. |
130 | PCI: Windows Audit Log Cleared | Alerts when audit logs on Windows servers have been cleared. |
131 | PCI: Windows Files Accessed | Show files accessed on the Windows servers. |
132 | PCI: Windows Objects Create/Delete | Alerts when system-level objects have been created or deleted. |
133 | PCI: Windows Passwords Changed | Alerts when users have changed their passwords. |
134 | PCI: Windows Permissions Changed | Alerts when user or group permissions have been changed. |
135 | PCI: Windows Policies Changed | Alerts when Windows policies changed. |
136 | PCI: Windows Process Started | Alerts when a process has been started on a Windows server. |
137 | PCI: Windows Programs Accessed | Alerts when a program is accessed on a Windows server. |
138 | PCI: Windows Software Updates | Alerts on events related to Windows software updates. |
139 | PCI: Windows Software Updates Failed | Alerts on failed events related to the software updates. |
140 | PCI: Windows Software Updates Succeeded | Alerts for successful events related to the software updates. |
Copyright © Cloud Software Group, Inc. All rights reserved.