The Windows Security Log is a morass of cryptic security events - some noise, some highly valuable indicators of security activity. The same goes for other audit logs such as for SQL Server and SharePoint.
Your auditors demand that you not only review these logs on a daily basis but monitor for suspicious events and respond in real time.
So you purchase and implement a log management solution. Now you can collect security logs, securely archive them, produce daily reports and configure real time alerts.
But...
- Which events do you report on?
- Which do you alert on?
- What is the significance of these events and how do you respond to them?
- How do you demonstrate compliance with specific requirements of PCI, SOX, HIPAA, GLBA, FISMA and other regulatory requirements?
Log Management ISVs are very good at developing log management software but most will admit they are not subject matter experts in compliance, intrusion detection, and forensic information security.
To solve this problem I have developed Rosetta Audit Logging Kits and in this webinar I will give you a tour of how Rosetta provides:
- Best practice guidance on which events to alert and report on
- Report designs you can implement in your existing log management solution
- Alert specifications that include event criteria, alert text and suggested recipients
- Deep mappings to specific compliance requirements
- Recommended courses of action to each alert and report
- Filter specifications so you can get rid of the noise
If you have a log management solution and need help getting the most out of it for the Windows and Active Directory environment, please join me.