LOG-4 Security Event Logging


What is LOG-4 Security Event Logging Control about?

Security Event Logging control is a vital part of Enterprise Monitoring. The monitoring tool must be configured to report on security events such as unusual spikes in incoming or outgoing traffic, configuration changes, privilege escalations, traffic from malicious IP addresses, etc.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t used them.

Logging Tools

  • Zabbix
  • DataDog
  • ManageEngine

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: no template recommendation

Control implementation

To implement this control:

Install a monitoring/logging tool and configure it to look for specific predefined security events (it is up to you to define which types of security events are critical for your organization to monitor):

  1. Enable a threshold for alert notifications (map the type of events to be notified on and the threshold to cross for notifications)
  2. Set up an alert notification (ensure the alert is sent to a team for quick response and review)
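The steps above, carried out as a small threshold-and-routing check (an added example, not TrustCloud's code or a configuration of any tool listed above): the event format, the threshold value, the denylist and the team names are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical normalised format (ISO-8601 timestamps)
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "host": "web1", "kind": "egress", "bytes": 40_000_000},
    {"ts": "2024-05-01T10:00:30", "host": "web1", "kind": "egress", "bytes": 80_000_000},
    {"ts": "2024-05-01T10:01:00", "host": "db1", "kind": "config_change",
     "user": "deploy", "path": "/etc/ssh/sshd_config"},
    {"ts": "2024-05-01T10:01:10", "host": "db1", "kind": "priv_escalation",
     "user": "deploy", "target": "root"},
    {"ts": "2024-05-01T10:02:00", "host": "web1", "kind": "ingress", "src_ip": "203.0.113.5"},
    {"ts": "2024-05-01T10:02:05", "host": "web1", "kind": "ingress", "src_ip": "198.51.100.7"},
]

# Assumed organisation-specific threshold: egress bytes per host per minute
THRESHOLDS = {"egress_bytes_per_minute": 100_000_000}
# Constructed denylist (documentation address range); a real deployment would feed this from threat intel
MALICIOUS_IPS = {"203.0.113.5"}
# Alert routing: the team notified for each alert type (assumed team names)
ROUTING = {"traffic_spike": "netops", "config_change": "secops",
           "priv_escalation": "secops", "malicious_ip": "secops"}


def evaluate(events, thresholds=THRESHOLDS, denylist=MALICIOUS_IPS):
    """Return alerts for the predefined security events, each tagged with the team to notify."""
    alerts = []
    egress = defaultdict(int)  # (host, minute) -> total bytes sent in that minute
    for e in events:
        if e["kind"] == "egress":
            egress[(e["host"], e["ts"][:16])] += e["bytes"]  # ts[:16] truncates to the minute
        elif e["kind"] == "config_change":
            alerts.append({"type": "config_change", "host": e["host"],
                           "detail": f"{e['user']} modified {e['path']}"})
        elif e["kind"] == "priv_escalation":
            alerts.append({"type": "priv_escalation", "host": e["host"],
                           "detail": f"{e['user']} escalated to {e['target']}"})
        elif e["kind"] == "ingress" and e.get("src_ip") in denylist:
            alerts.append({"type": "malicious_ip", "host": e["host"],
                           "detail": f"connection from denylisted {e['src_ip']}"})
    # Volume-based events are judged per window once the whole batch is aggregated
    for (host, minute), total in egress.items():
        if total > thresholds["egress_bytes_per_minute"]:
            alerts.append({"type": "traffic_spike", "host": host,
                           "detail": f"{total} egress bytes in minute {minute}"})
    for a in alerts:
        a["notify"] = ROUTING[a["type"]]
    return alerts
```

Discrete events (a config change, an escalation, a denylisted source) alert immediately, while the traffic spike only fires once the per-minute total crosses the threshold, which is the distinction the two implementation steps draw.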

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the following suggested actions:

  1. Provide a screenshot of the monitoring tool settings showing the specific security events
  2. Provide a screenshot of the threshold
  3. Provide a screenshot showing the alert receivers

Evidence example

From the suggested action above, an example is provided below.

Refer to the screenshots provided for LOG-3. These follow the same patterns.
