Many security organizations around the world are working hard to develop standards for
reporting, with recommendations on what types of report are most useful and for
whom. In the following section we take the Top 5 Essential Log Reports as
recommended by the SANS Institute (www.sans.org) and see how ASC can effectively address these best practices with built-in and customizable reports.
Top 5 Essential Log Reports as recommended by SANS Institute:
1) Attempts to Gain Access through Existing Accounts
2) Failed File or Resource Access Attempts
3) Unauthorized Changes to Users, Groups and Services
4) Systems Most Vulnerable to Attack
5) Suspicious or Unauthorized Network Traffic Patterns
Creating valuable information from millions of system events can be an extremely
difficult and time-consuming task. Particularly when these events are generated on
disparate devices such as firewalls, IPS/IDS appliances or different server operating
systems, the challenge is twofold: first collecting all the data, then generating
valuable reports or analysis from potentially millions of different events. As we shall
see in the following exercises, the key to running these reports is knowing what you are
looking for.
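The two-fold challenge above (collect events from unrelated sources, then turn them into the five reports) is small enough to show end to end. The following is an added example, not code from the original post and not part of Activeworx Security Center: it parses constructed log lines in three unrelated formats (an sshd-style line, a Windows-style event text line and a firewall line, plus a one-line scanner summary), normalises them into a single record shape, and buckets each record into the SANS category it belongs to. The log lines, hostnames, users and addresses are constructed; the regexes and the message wording are assumptions made for the example, while the Windows event IDs referenced (4625, 4663, 4720, 4728, 7045) are real Security/System log IDs.

```python
"""Bucket heterogeneous log lines into the SANS Top 5 Essential Log Reports.

Added example, not part of the original post or of ASC. All sample data is constructed.
"""
import re

# The five report categories named in the post.
ACCESS_ATTEMPTS = "1) Attempts to Gain Access through Existing Accounts"
FAILED_RESOURCE = "2) Failed File or Resource Access Attempts"
ACCOUNT_CHANGES = "3) Unauthorized Changes to Users, Groups and Services"
VULNERABLE_HOSTS = "4) Systems Most Vulnerable to Attack"
SUSPICIOUS_TRAFFIC = "5) Suspicious or Unauthorized Network Traffic Patterns"
CATEGORIES = (ACCESS_ATTEMPTS, FAILED_RESOURCE, ACCOUNT_CHANGES, VULNERABLE_HOSTS, SUSPICIOUS_TRAFFIC)

# Real Windows event IDs; the surrounding log text in SAMPLE_LOG is constructed.
WIN_LOGON_FAILURE = {"4625"}                       # An account failed to log on
WIN_OBJECT_ACCESS = {"4663"}                       # An attempt was made to access an object
WIN_ACCOUNT_OR_SERVICE_CHANGE = {"4720", "4728", "7045"}  # user created / group member added / service installed

# One parser per source format (formats assumed for the example). Each yields a dict
# with at least "host"; the "source" key is added so the classifier knows the shape.
PARSERS = [
    ("sshd", re.compile(
        r"^(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
        r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)$")),
    ("winevt", re.compile(r"^(?P<host>\S+) EventID=(?P<eid>\d+) (?P<msg>.*)$")),
    ("firewall", re.compile(
        r"^(?P<host>\S+) (?P<action>DENY|ALLOW) (?P<proto>\S+) (?P<src>\S+) -> (?P<dst>\S+)$")),
    ("scanner", re.compile(r"^(?P<host>\S+) VULN host=(?P<target>\S+) cvss=(?P<cvss>[\d.]+)$")),
]

# Constructed sample covering all three device types plus one line no parser understands.
SAMPLE_LOG = """\
srv01 sshd[4021]: Failed password for invalid user admin from 10.0.0.5
srv01 sshd[4021]: Failed password for alice from 10.0.0.5
srv01 sshd[4021]: Failed password for alice from 10.0.0.5
srv01 sshd[4033]: Accepted password for alice from 10.0.0.7
dc01 EventID=4625 An account failed to log on user=bob src=10.0.0.5
dc01 EventID=4663 Audit Failure object=\\\\fs01\\payroll\\salaries.xlsx user=bob
dc01 EventID=4720 A user account was created user=svc_backup2 by=bob
dc01 EventID=4728 A member was added to a security-enabled global group group=Domain_Admins member=svc_backup2
ws07 EventID=7045 A new service was installed service=updsvc path=C:/Temp/u.exe
fw01 DENY TCP 10.0.0.5:51234 -> 10.0.1.20:445
fw01 DENY TCP 10.0.0.5:51235 -> 10.0.1.21:445
fw01 ALLOW TCP 10.0.0.7:40000 -> 10.0.1.20:443
scan01 VULN host=web01 cvss=9.8
scan01 VULN host=web02 cvss=4.3
kernel: random noise line that no parser understands
"""


def parse_line(line):
    """Return a normalised event dict for a recognised line, or None for noise."""
    for source, pattern in PARSERS:
        m = pattern.match(line.strip())
        if m:
            event = m.groupdict()
            event["source"] = source
            return event
    return None


def classify(event):
    """Map a normalised event to one of the five categories, or None if it is routine."""
    source = event["source"]
    if source == "sshd":
        return ACCESS_ATTEMPTS if event["result"] == "Failed" else None
    if source == "winevt":
        eid = event["eid"]
        if eid in WIN_LOGON_FAILURE:
            return ACCESS_ATTEMPTS
        if eid in WIN_OBJECT_ACCESS and "Audit Failure" in event["msg"]:
            return FAILED_RESOURCE
        if eid in WIN_ACCOUNT_OR_SERVICE_CHANGE:
            return ACCOUNT_CHANGES
        return None
    if source == "firewall":
        return SUSPICIOUS_TRAFFIC if event["action"] == "DENY" else None
    if source == "scanner":
        return VULNERABLE_HOSTS
    return None


def build_report(log_text):
    """Return (buckets, unparsed): buckets maps category -> events; unparsed counts
    lines no parser recognised, so collection gaps are visible rather than silent."""
    buckets = {category: [] for category in CATEGORIES}
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed += 1
            continue
        category = classify(event)
        if category is not None:
            buckets[category].append(event)
    return buckets, unparsed


def summary(log_text):
    """Event count per report category, the headline of a compliance report."""
    buckets, _ = build_report(log_text)
    return {category: len(events) for category, events in buckets.items()}


def rank_vulnerable_hosts(log_text):
    """Report 4 is a ranking: hosts ordered by highest CVSS score first."""
    buckets, _ = build_report(log_text)
    hosts = [(e["target"], float(e["cvss"])) for e in buckets[VULNERABLE_HOSTS]]
    return sorted(hosts, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    counts = summary(SAMPLE_LOG)
    for category in CATEGORIES:
        print(f"{counts[category]:3d}  {category}")
    print("unparsed lines:", build_report(SAMPLE_LOG)[1])
    print("most vulnerable:", rank_vulnerable_hosts(SAMPLE_LOG))
```

The unparsed counter is the part worth keeping in a real pipeline: a report that silently drops lines it cannot parse looks complete while the collection step has failed, which is exactly the first half of the two-fold challenge.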
Activeworx Security Center (ASC) is designed to help you build intelligence and increase
the visibility of your network based on a large amount of seemingly unrelated security
events. This is most obvious and valuable when running reports either for compliance or
internal security analysis.
http://www.crossteccorp.com/whitepapers/resources/SANSTop5ReportsandASC1.pdf
Monday, January 8, 2007
Running the SANS Top 5 Essential Log Reports with Activeworx Security Center
Labels: activeworx, crosstec, log events, log reports, sans, siem, sim