TIBCO LogLogic Alerts for Sarbanes-Oxley and COBIT 2019

The following table lists the alerts included in LogLogic Compliance Suite - Sarbanes-Oxley Edition and COBIT 2019.

# Alert Name Alert Description Regulation Item Numbers
1 COBIT: Accounts Created Alert when a new account is created on servers. APO01.02, APO07.01, DSS05.04, DSS05.04
2 COBIT: Accounts Deleted Alert when an account is deleted on servers. APO07.01, DSS05.04
3 COBIT: Accounts Enabled Alert when an account has been enabled on servers. APO07.01
4 COBIT: Accounts Locked Alert when an account has been locked on servers. DSS05.04
5 COBIT: Accounts Modified Alert when an account is modified on servers. APO007.01, DSS05.04
6 COBIT: Active Directory Changes Alert when changes are made within Active Directory. DSS05.02
7 COBIT: Allowed Connections Allowed firewall connections. Does not map to any compliance regulation
8 COBIT: Check Point Policy Changed Alert when a Check Point firewall's policy has been modified. BAI03.10, BAI06.03
9 COBIT: Cisco ISE, ACS Configuration Changed Alert when configuration changes are made to the Cisco ISE or Cisco SecureACS. BAI03.10, BAI06.03
10 COBIT: Cisco ISE, ACS Passwords Changed Alert when a user changes their password via Cisco ISE or Cisco SecureACS. DSS05.04
11 COBIT: Cisco PIX, ASA, FWSM Commands Executed Alert when a Cisco ASA or FWSM commands are executed. Does not map to any compliance regulation
12 COBIT: Cisco ASA, FWSM Restarted Displays all Cisco ASA or FWSM restart activities to detect unusual activities. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
13 COBIT: Cisco ASA, FWSM Failover Disabled Displays all logs related to disabling Cisco ASA and FWSM failover capability. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
14 COBIT: Cisco ASA, FWSM Failover Errors Alert when an error has occurred during ASA or FWSM failover. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
15 COBIT: Cisco ASA, FWSM Failover Performed Alert when a failover has occurred on the Cisco ASA or FWSM devices. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
16 COBIT: Cisco ASA, FWSM Fragment Database Limit The fragment database count has been reached on Cisco ASA or FWSM devices. Does not map to any compliance regulation
17 COBIT: Cisco ASA, FWSM Logon Failure Login failure attempts to the Cisco ASA or FWSM devices. APO007.01, DSS05.04
18 COBIT: Cisco ASA, FWSM Logon Success Successful login attempts to the Cisco ASA or FWSM firewall. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
19 COBIT: Cisco ASA, FWSM NAT Failure Failures in Network Address Translation (NAT) on the Cisco ASA or FWSM. DSS02.03, BAI09.05, BAI04.04, DSS04.01
20 COBIT: Cisco ASA, FWSM Policy Changed Alert when a Cisco ASA or FWSM firewall policy has been modified. BAI10.05
21 COBIT: Cisco ASA, FWSM Protocol Failure Alert when possible network protocol failures on the Cisco ASA or FWSM devices. DSS02.03, BAI09.05, BAI04.04, DSS04.01
22 COBIT: Cisco ASA, FWSM Routing Failure Alert when routing failure occurred in the Cisco ASA or FWSM devices. DSS02.03, BAI09.05, BAI04.04, DSS04.01
23 COBIT: Cisco ASA, FWSM Shun Added Alert when a shun rule has been added to the ASA or FWSM configuration. Not needed, already covered under config/policy changes
24 COBIT: Cisco ASA, FWSM Shun Deleted Alert when a shun rule has been removed from the ASA or FWSM configuration. Not needed, already covered under config/policy changes
25 COBIT: Cisco ASA, FWSM VPN Tunnel Creation A VPN tunnel has been created on the Cisco ASA or FWSM devices. APO10.05
26 COBIT: Cisco ASA, FWSM VPN Tunnel Teardown Alert when a VPN tunnel has been removed on the Cisco ASA or FWSM devices. APO10.05
27 COBIT: Cisco Switch Card Insert Alert when a card module is inserted into a switch. BAI03.10
28 COBIT: Cisco Switch Device Reload Alert when a command to reload a Cisco switch has been executed. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
29 COBIT: Cisco Switch Device Restart Alert when a router or switch has been rebooted. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
30 COBIT: Cisco Switch HA Failure (ver) Alert when a HA setup has version incompatibility issues. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
31 COBIT: Cisco Switch Interface Change Alert when network interfaces are going up or down. BAI09.05, BAI04.04
32 COBIT: Cisco Switch Interface Down Alert when Cisco switch interface is going down. BAI09.05, BAI04.04
33 COBIT: Cisco Switch Interface Up Alert when the Cisco switch interface is back up. BAI09.05, BAI04.04
34 COBIT: Cisco Switch Policy Changed Alert when Cisco router or switch configuration has been modified. BAI10.05
35 COBIT: DB2 Database Backup Failed Alert when a DB2 database backup fails. DSS04.05, DSS06.04, DSS04.08
36 COBIT: DB2 Database Configuration Change Alert when a configuration is changed on a DB2 database. BAI03.10, BAI06
37 COBIT: DB2 Database Restore Failed Alert when a database restore fails on a DB2 database. DSS04.08
38 COBIT: DB2 Database Started or Stopped Alert when a DB2 database is started or stopped. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
39 COBIT: DB2 Database User Added or Dropped Alert when a user is added or dropped from a DB2 database. DSS08.02, APO007.01, DSS05.04, DSS05.04
40 COBIT: DNS Server Shutdown Alert when DNS Server has been shutdown. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
41 COBIT: DNS Server Started Alert when DNS Server has been started. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
42 COBIT: Disallowed Services Disallowed firewall services. DSS05.02
43 COBIT: Escalated Privileges Alert when a user or program has escalated the privileges. DSS05.04
44 COBIT: Excessive IDS Attack IDS anomalies using message volume threshold alerts. DSS05.02
45 COBIT: Groups Created Alert when new user groups are created. DSS08.02, DSS05.04, DSS05.04
46 COBIT: Groups Deleted Alert when a user group is deleted. DSS08.02, APO007.01
47 COBIT: Groups Modified Alert when a user group has been modified. APO007.01
48 COBIT: Group Members Added Alert when new members are added to user groups. DSS08.02, APO007.01, DSS05.04, DSS05.04
49 COBIT: Group Members Deleted Alert when members are removed from user groups. APO007.01
50 COBIT: Guardium SQL Guard Config Changes Alert when a configuration is changed on Guardium SQL Database. BAI03.10, BAI06.03
51 COBIT: Guardium SQL Guard Data Access Alert when a select statement is made on Guardium SQL Database. APO03.02
52 COBIT: Guardium SQL Guard Logins Alert when a user logs into the Guardium SQL Database. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
53 COBIT: Guardium SQL Guard Startup or Shutdown Alert when the Guardium SQL Database is started or stopped. BAI03.10, BAI06.03, BAI09.05, APO10.05, BAI04.04
54 COBIT: HP NonStop Audit Configuration Changed Alert when configuration changes are made to the HP NonStop Audit. BAI03.10, BAI06.03
55 COBIT: HP NonStop Audit Permission Changed Alerts on HP NonStop Audit permission changed events. DSS08.02, APO007.01, BAI03.05, DSS05.04, DSS05.04
56 COBIT: IBM AIX Password Changed Alert when an account password is changed on IBM AIX servers. DSS05.04
57 COBIT: i5/OS Network Profile Changes Alerts when any changes are made to an i5/OS network profile. APO007.01, DSS05.04
58 COBIT: i5/OS Permission or Policy Change Alerts when policies or permissions are changed on the i5/OS. BAI03.05, DSS08.02, DSS05.04, DSS05.04
59 COBIT: i5/OS Server or Service Status Change Alerts when the i5/OS is restarted or a service stops or starts. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
60 COBIT: i5/OS Software Updates Alert when events related to the i5/OS software updates. BAI03.10, BAI06.03
61 COBIT: i5/OS User Profile Changes Alerts when a user profile is changed on the i5/OS. APO007.01, DSS05.04
62 COBIT: Juniper VPN Policy Change Alert when Juniper VPN policy or configuration change. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
63 COBIT: Logins Failed Alert when login failures are over the defined threshold. APO007.01, DSS05.04
64 COBIT: Logins Succeeded Alert when successful logins are over the defined threshold. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
65 COBIT: LogLogic Disk Full Alert when the LogLogic appliance's disk is near full. BAI03.10, BAI06, BAI09.05, BAI04.04
66 COBIT: LogLogic Management Center Backed Up or Restored Alerts on backup and restore events to the LogLogic management center. BAI10.05
67 COBIT: LogLogic Management Center Passwords Changed Alert when users have changed their passwords. BAI10.05
68 COBIT: LogLogic Management Center Upgrade Succeeded Alert for successful events related to the system's upgrade. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
69 COBIT: LogLogic Message Routing Errors Alert when problems are detected during message forwarding. BAI10.05
70 COBIT: LogLogic File Retrieval Errors Alert when problems are detected during log file retrieval. APO007.01, DSS05.04
71 COBIT: LogLogic Universal Collector Configuration Changed Alert when configuration changes are made to the LogLogic universal collector. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
72 COBIT: Microsoft Operations Manager - Permissions Changed Alert when user or group permissions have been changed. BAI03.10, BAI09.05, BAI04.04
73 COBIT: Microsoft Operations Manager - Windows Passwords Changed Alert when users have changed their passwords. BAI03.10, BAI06.03
74 COBIT: Microsoft Operations Manager - Windows Policies Changed Alert when Windows policies changed. APO03.02
75 COBIT: Microsoft Operations Manager - Windows Server Restarted Alert when a Windows server has been restarted. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
76 COBIT: Microsoft Sharepoint Content Deleted Alerts on Microsoft Sharepoint content deleted events. BAI03.10, BAI06.03, BAI09.05, APO10.05, BAI04.04
77 COBIT: Microsoft Sharepoint Content Updated Alerts on Microsoft Sharepoint content updated events. DSS04.05, DSS06.04, DSS04.08
78 COBIT: Microsoft Sharepoint Permission Changed Alerts on Microsoft Sharepoint permission changed events. DSS05.04
79 COBIT: Microsoft Sharepoint Policies Added, Removed, Modified Alerts on Microsoft Sharepoint policy additions, deletions, and modifications. BAI03.10, BAI06.03
80 COBIT: Microsoft SQL Server Backup Failed Alert when Microsoft SQL Server backup process has failed BAI03.05, DSS03.02, DSS01.03
81 COBIT: Microsoft SQL Server Restore Failed Alert when Microsoft SQL Server restore process failed. BAI03.05, DSS03.02, DSS01.03
82 COBIT: Microsoft SQL Server Shutdown Alert when Microsoft SQL Server has been shutdown. BAI03.10, BAI06.03
83 COBIT: Neoteris Files Accessed Identifies all files being accessed through the Juniper SSL VPN. DSS08.02, DSS05.04, DSS05.04
84 COBIT: NetApp Authentication Failure Alerts when NetApp authentication failure events occur. DSS05.04
85 COBIT: NetApp Bad File Handle Alerts when a bad file handle is detected on a NetApp device. DSS05.04, BAI10.05
86 COBIT: NetApp Bootblock Update Alert when the bootblock has been updated on a NetApp Filer. BAI03.10, BAI06.03, BAI09.05, APO10.05, BAI04.04
87 COBIT: NetApp Filer Audit Policies Changed Alert when NetApp Filer Audit policies changed. APO03.02, APO01.06
88 COBIT: NetApp Filer Disk Failure Alert when a disk fails on a NetApp Filer. APO03.02, APO01.06
89 COBIT: NetApp Filer Disk Missing Alert when a disk is missing on the NetApp Filer device. BAI03.05, DSS08.02, DSS05.04, DSS05.04
90 COBIT: NetApp Filer Disk Scrub Suspended Alert when the disk scrubbing process has been suspended. BAI03.05, DSS08.02, DSS05.04, DSS05.04
91 COBIT: NetApp Filer File System Full Alert when the file system is full on the NetApp Filer device. DSS04.05, DSS06.04, DSS04.08
92 COBIT: NetApp Filer NIS Group Update Alert when the NIS group has been updated on the Filer device. DSS04.08
93 COBIT: NetApp Filer Disk Inserted Alert when a disk is inserted into the NetApp Filer. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
94 COBIT: NetApp Filer Disk Pulled Alert when a RAID disk has been pulled from the Filer device. DSS04.01, DS5.2, DSS05.04
95 COBIT: NetApp Filer Snapshot Error Alert when an error has been detected during a NetApp Filer snapshot. DSS05.04
96 COBIT: NetApp Filer Unauthorized Mounting Alert when an unauthorized mount event occurs. BAI03.10, BAI09.05, BAI04.04
97 COBIT: Oracle Database Configuration Change Displays Oracle database configuration changes. Does not map to any compliance regulation
98 COBIT: Oracle Database Data Access Alerts when Oracle tables are accessed. DSS05.04, BAI10.05
99 COBIT: Oracle Database Permissions Changed Alert when permissions are changed on Oracle databases. BAI03.10, BAI09.05, BAI04.04
100 COBIT: Oracle Database Shutdown Alerts when an Oracle database is shutdown. BAI03.10, BAI09.05, BAI04.04
101 COBIT: Oracle Database User Added or Deleted Alerts when a user is added or deleted from an Oracle database. Does not map to any compliance regulation
102 COBIT: Policy Violation Firewall policy violations. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
103 COBIT: Pulse Connect Secure Policy Change Alert when Pulse Connect Secure policy or configuration change. DSS05.04, APO007.01
104 COBIT: RACF Files Accessed Alert when files are accessed on the RACF servers. BAI03.10
105 COBIT: RACF Passwords Changed Alert when users have changed their passwords. BAI03.10
106 COBIT: RACF Permissions Changed Alert when user or group permissions have been changed. DSS04.01, DSS06.04, DSS04.08
107 COBIT: RACF Process Started Alert whenever a process is run on a RACF server. DSS04.01, DS5.2, DSS05.04
108 COBIT: Sybase ASE Database Backed Up or Restored Alerts on backup and restore events to the Sybase ASE Database. BAI03.10, BAI06
109 COBIT: Sybase ASE Database Config Changes Alerts on Sybase ASE Database configuration change events. APO03.02
110 COBIT: Sybase ASE Database Data Access Alerts on Sybase ASE Database data access events. DSS08.02, BAI03.05
111 COBIT: Sybase ASE Database Started Alerts on Sybase ASE Database start events. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
112 COBIT: Sybase ASE Database Stopped Alerts on Sybase ASE Database stop events. DSS05.04, DSS05.04
113 COBIT: Symantec Endpoint Protection Configuration Changed Alert when configuration changes are made to the Symantec Endpoint Protection. Does not map to any compliance regulation
114 COBIT: Symantec Endpoint Protection Policy Add, Delete, Modify Alerts on Symantec Endpoint Protection additions, deletions, and modifications. BAI10.05
115 COBIT: System Anomalies Detects and alerts any anomalies based on past log patterns. DSS04.01, DS5.2, DSS05.04
116 COBIT: System Restarted Alert when systems such as routers and switches have restarted. DSS05.04
117 COBIT: TIBCO ActiveMatrix Administrator Permission Changed Alerts on TIBCO ActiveMatrix Administrator permission changed events. BAI03.05, DSS08.02, DSS05.04, DSS05.04
118 COBIT: vCenter Create Virtual Machine Alert when virtual machine has been created from VMware vCenter console. BAI03.05, BAI03.10, BAI06.03
119 COBIT: vCenter Datastore Event Alert on create, modify, and delete datastore events on VMware vCenter. BAI03.10, BAI06.03
120 COBIT: vCenter Data Move Alert when entity has been moved within the VMware vCenter infrastructure. DSS04.05, DSS06.04, DSS04.08
121 COBIT: vCenter Delete Virtual Machine Alert when a virtual machine has been deleted or removed from VMware vCenter console. BAI03.10, BAI06.03
122 COBIT: vCenter Firewall Policy Change Alert when changes to the VMware ESX allowed services firewall policy. APO03.02
123 COBIT: vCenter Permission Change Alert when a permission role has been added, changed, removed, or applied on VMware vCenter. BAI03.10, BAI06.03, BAI09.05, APO10.05, BAI04.04
124 COBIT: vCenter Restart ESX Services Alert when VMware vCenter restarted services running on VMware ESX Server. BAI03.10, BAI06.03, BAI09.05, APO10.05, BAI04.04
125 COBIT: vCenter Shutdown or Restart ESX Alert when VMware ESX Server is shutdown from vCenter console. BAI03.10, BAI06.03
126 COBIT: vCenter User Login Failed Alert on failed logins to the VMware vCenter console. BAI03.05, DSS08.02, DSS05.04, DSS05.04
127 COBIT: vCenter User Login Successful Alert on successful logins to the VMware vCenter console. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
128 COBIT: vCenter Virtual Machine Shutdown Alert when virtual machine has been shutdown or paused from VMware vCenter console. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
129 COBIT: vCenter Virtual Machine Started Alert when virtual machine has been started or resumed from VMware vCenter console. BAI03.05, DSS08.02, DSS05.04, DSS05.04
130 COBIT: vCenter vSwitch Add, Modify or Delete Alert when vSwitch on VMware ESX server has been added, modified or removed from vCenter. DSS08.02, BAI03.05, BAI03.05, DSS02.03, BAI03.10, BAI06, BAI10.05
131 COBIT: Windows Audit Log Cleared Alert when audit logs on Windows servers have been cleared. DSS04.01, DS5.2, DSS05.04
132 COBIT: Windows Files Accessed Show files accessed on the Windows servers. DSS04.01, DS5.2, DSS05.04
133 COBIT: Windows Passwords Changed Alert when users have changed their passwords. DSS08.02, BAI03.05, BAI03.05, DSS02.03, BAI03.10, BAI06, BAI10.05
134 COBIT: Windows Permissions Changed Alert when user or group permissions have been changed. BAI10.05
135 COBIT: Windows Policies Changed Alert when Windows policies changed. BAI03.05, DSS08.02, DSS05.04, DSS05.04
136 COBIT: Windows Programs Accessed Alerts when a program is accessed on a Windows server. BAI03.05, BAI10.05
137 COBIT: Windows Server Restarted Alert when a Windows server has been restarted. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04
138 COBIT: Windows Software Updates Alert when events related to the Windows' software updates. APO007.01, DSS05.04
139 COBIT: Windows Software Updates Failed Alert when failed events related to the software updates. DSS08.02, APO007.01, DSS05.04, DSS05.02, BAI10.05
140 COBIT: Windows Software Updates Succeeded Alert for successful events related to the software updates. BAI03.10, BAI06, BAI09.05, APO10.05, BAI04.04