Solidcore Report catalog
Uploaded by raj-rajamani
Real-time Change Control
Report Catalog
Solidcore S3 Control is the leading Change Control product in the market today. The product has three modules – Visibility, Accountability and Enforcement – which can be used to audit and control all changes in the IT organization. The visibility module tracks changes on Servers, Databases, Network Devices and Active Directory servers and provides Alert, Dashboard and Search capabilities. The Accountability module correlates changes with RFC tickets in Change Management Systems and can flag unauthorized changes. Organizations that wish to prevent such unauthorized changes can use the Enforcement module to prevent changes to critical configuration files, registries and executables.
The Solidcore S3 Control product also ships with a very robust and flexible reporting module. The reporting module uses an embedded Crystal report engine to generate reports that transform raw change data into actionable intelligence. BU heads can use the pre-packaged reports to automate their Compliance reporting, and System Administrators can use the information in the reports to track down exceptional changes and fine-tune their change policies. The product ships with nearly 30 reports that can be broadly classified into the following categories: Visibility, Accountability, Enforcement, PCI Compliance, SOX Compliance and System Information. The pre-packaged reports were designed in consultation with industry experts and auditors and can be further customized by customers as needed. In this catalog, we present samples of some of the reports that are shipped with S3 Control. These reports were shipped in S3 Control 3.4, but are likely to change in future versions of the product.
Visibility Reports
Accountability Reports
Enforcement Reports
PCI Reports
SOX Reports
System Information Reports
The visibility module tracks changes on all the
IT components and stores them in a central change
database. Detailed information (when, who, what,
how and why) about every change is captured
in its change record. This information is used
to trigger alerts, create dashboard summaries
and in keyword searches. The visibility reports
(User Summary, Groups/Hosts Summary and
Change Agent Summary) provide a summary of the
changes grouped on different change attributes.
Administrators can schedule these summary
reports on a regular basis and eyeball the reports
to ensure that the change activity is under control.
Each item in the details section is linked back to the
search page making it easy for the administrator to
inspect suspicious change activity.
Visibility
Page 1 Visibility Reports
Activity by Username
This report will reveal changes made by unauthorized personnel and is especially useful for large IT organizations which are managed by multiple administrators.
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved.
Groups / Hosts Summary
This report summarizes the changes by Group and Hostname. It helps administrators identify changes made to critical groups or hosts.
Change Agent Summary
This report helps identify unusual change activity by grouping on the program name attribute. The program name can often be used to identify the source of the change and this information can even help detect malicious activity by viruses and rootkit infections.
The accountability module ties every change to
the change policy or ticket that authorized the
change. Very often, changes are made only after
the CAB or CM reviews and approves the change.
The burden of documentation lies heavily on the
administrator’s shoulders, who does not view this
as his primary job responsibility. Even when the
documentation is provided by the administrator,
it is seldom accurate or complete. S3 Control
automates the process of documenting the changes
by reconciling the changes in its database with the
change tickets in a Change Management System.
Accountability
Reconciliation
This report provides an audit trail of all changes that were correlated with change tickets in a Remedy Change Management System.
Staging / Production Comparison
Missing or unauthorized changes can be easily identified for audit, which greatly reduces the risk exposure of the IT department. This report lists the “small” but unauthorized changes that an administrator tried to bundle with an approved change.
Inspecting Change Location
In this example, the change manager approved changes only to the C:\Oracle directory. With Solidcore, the change manager can identify unapproved changes made in C:\Program Files, which were never authorized and are not related to the Oracle installation.
Exceptional Changes by Users
None.
Changes by Directory Location that were not performed
None.
Time-based Change Compliance (Databases)
All unauthorized (outside of your enterprise time based change policy) events for Databases
Generated at: January 11, 2008 02:18:51 PM
Date Range: December 11, 2007 - January 11, 2008
Authorized Update Time Range: 16:00:00 - 17:30:00
Frequency: Daily
DB Server: 127.0.0.1
DB SIDs: orcl
Details
Date        Database SID  Authorized  Unauthorized  Total
01/04/2008  orcl          3           2             5
01/09/2008  orcl          5           0             5
01/10/2008  orcl          19          6             25
Grand Total               27          8             35
Maintenance Windows
This report allows the Change Manager to easily identify changes made outside of the maintenance window (4pm – 5.30pm). The numbers in the table are HTML links to the search page and can be used to get more information about the changes made outside the maintenance window.
Critical files can be protected by S3 Control to
prevent unauthorized changes. Authorization
can be given through change tickets or through
S3 Control change policies. Change policies can be
time-based policies that allow changes during
authorized maintenance windows, or program-based
policies that allow changes to be made by
authorized programs and provisioning agents like
SMS, SUS, etc. Unauthorized attempts to change
the protected files are prevented and reported as
violations.
Enforcement
Change Policy Violation by User
This report reveals unauthorized attempts to change the protected files that were prevented and reports them as violations.
S3 Control provides a comprehensive set of
reports that verify PCI compliance with respect
to controls 10 and 11 of the PCI DSS. Packaged
Reports are available for meeting PCI DSS controls
for File Integrity and Monitoring of System
components. These controls help not just achieve
PCI compliance but also maintain compliance on
an ongoing basis. Thus, they make up an integral
part of a sustainable PCI compliance program. These
reports can be used by auditors and significantly
lower the costs of a PCI audit.
PCI Compliance
Continuous File Integrity Monitoring
This report can be used to meet PCI DSS 11.5 requirements that stipulate the use of a File Integrity Monitoring solution. S3 Control monitors all changes to critical files, identifies the authorization and also calls out attempted violations of change policy that were prevented by S3 Control.
Filters Profiles Report
All Filters applied
Generated At : January 11, 2008 02:28:59 PM
Details
Profile Name : Redhat Linux ES3 Base Filters
Description :
Host   State  Status
Group  State  Status
Linux  ADDED  SUCCESS
Type : Directory
FLAG VALUE
Include /usr/src
Include /usr/libexec
Include /usr/share/info
Include /usr/share/doc
Include /usr/X11R6/include
Include /usr/local/include
Include /usr/include
Include /var/crash
Exclude /
Include /bin
Include /sbin
Filter Profiles
This report is complementary to the previous report in that it lists the critical files that are being tracked and the groups and hosts on which the filter profiles are applied.
Include /boot
Include /etc
Include /lib
Include /proc/driver
Include /proc/fs
Include /proc/net
Include /proc/sys
Include /usr/bin
Include /usr/local/bin
Include /usr/kerberos/bin
Include /usr/X11R6/bin
Include /usr/ccs/bin
Include /usr/contrib/bin
Include /usr/sbin
Include /usr/local/sbin
Include /usr/kerberos/sbin
Include /usr/etc
Include /usr/local/etc
Include //usr/lib
Include /usr/local/lib
Include /usr/kerberos/lib
Include /usr/X11R6/lib
Include /usr/share/man
Type : Extension
FLAG VALUE
Database Access
PCI DSS Section 10 mandates the auditing of all system components including databases. This report sample provides an audit trail of all activities on a database handling credit card information. As mandated by the PCI DSS, date and time,
SOX Controls often require organizations to track
login activity on critical servers. This is done to
make sure that only authorized users are accessing
the database and attempts to break into critical
servers are tracked.
SOX also mandates the tracking of all privileged
activities on servers. Database Administrator
accounts often have overriding privileges, which
come with a very high misuse risk. Organizations
try to mitigate the risk by reducing the number of
shared accounts, but it is never possible to remove
such accounts altogether without crippling the
management and administrative capabilities. As a
compensating control, it is important to inspect all
activities made using such privileged accounts.
SOX Compliance
Failed Logons
This report provides a list of all the unsuccessful logon attempts on Oracle and SQL Server, summarized by the user account used for each login attempt.
Privileged Activity
This report can be used to inspect all activities made using privileged database accounts.
System Information Reports
Audit Trail
Audit trail of all actions performed from the Analytics Server
Generated At : Friday, January 11, 2008 2:32:29PM
Duration : December, 11 2007 00:00:00 - January, 11 2008 23:59:59
Actions : Alert Rule Creation, Database Creation, Database Deletion, Database Updation, Disable Enforcement, Filter Profile Deletion, Filter Profile Updation, Group Updation, Host Creation, Host Updation, Login Failure, Login Success, Logout, Report Generation, Synchronize, System Controller Creation, System Controller Updation, User Creation, User Updation
Users : anthony, brian, cesar, reportuser, s3admin, s3dbadmin, s3ldapadmin, s3nasadmin, s3netadmin, sam, scadmin
Details
Timestamp User Action Additional Details
11-Jan-2008 2:30:57PM scadmin Report Generation
Desc of Report Run = Host Connection Report,Format = PDF,Report Run = HostConnectionStatus.rpt
11-Jan-2008 2:30:48PM scadmin Disable Enforcement
Host/Group name = Windows
11-Jan-2008 2:30:05PM scadmin Report Generation
Desc of Report Run = Host Connection Report,Format = PDF,Report Run = HostConnectionStatus.rpt
11-Jan-2008 2:28:59PM scadmin Report Generation
Desc of Report Run = Filters Profiles Report,Format = PDF,Report Run = Filter_Profiles.rpt
11-Jan-2008 2:28:55PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Windows XP,Filter Profile Name = Windows XP Base Filters
11-Jan-2008 2:28:53PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Windows NT,Filter Profile Name = Windows NT Base Filters
11-Jan-2008 2:28:51PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Windows 2000,Filter Profile Name = Windows 2000 Base Filters
11-Jan-2008 2:28:48PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Weblogic Server 10 on Windows,Filter Profile Name = Weblogic Server 10 Windows Filters
Audit Trail
Any auditing system must be able to audit itself. This report provides an audit trail of all the actions performed through the S3 Control application. The action and username parameters can be restricted to identify specific changes made by a user.
Timestamp User Action Additional Details
11-Jan-2008 2:28:46PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Weblogic Server 10 on Solaris,Filter Profile Name = Weblogic Server 10 Solaris Filters
11-Jan-2008 2:28:43PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Weblogic Server 10 on Linux,Filter Profile Name = Weblogic Server 10 Linux Filters
11-Jan-2008 2:28:40PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Weblogic Server 10 on HPUX,Filter Profile Name = Weblogic Server 10 HPUX Filters
11-Jan-2008 2:28:38PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Weblogic Server 10 on AIX,Filter Profile Name = Weblogic Server 10 AIX Filters
11-Jan-2008 2:28:34PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Trend Micro Client Server Security on Windows,Filter Profile Name = Trend Micro CS Windows Filters
11-Jan-2008 2:28:32PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Tomcat 5.5 on Windows,Filter Profile Name = Tomcat 5.5 Windows Filters
11-Jan-2008 2:28:29PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Siebel on Solaris,Filter Profile Name = Tomcat 5.5 Solaris Filters
11-Jan-2008 2:28:27PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Tomcat 5.5 on Linux,Filter Profile Name = Tomcat 5.5 Linux Filters
11-Jan-2008 2:28:24PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Solaris 9 (sparc),Filter Profile Name = Solaris 9 (sparc) Base Filters
11-Jan-2008 2:28:22PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Solaris 8 (sparc),Filter Profile Name = Solaris 8 (sparc) Base Filters
11-Jan-2008 2:28:19PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes on Solaris 10 (sparc),Filter Profile Name = Solaris 10 (sparc) Base Filters
11-Jan-2008 2:28:17PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for Siebel on Solaris,Filter Profile Name = Siebel Solaris Filters
11-Jan-2008 2:28:15PM scadmin Filter Profile Deletion
Filter Profile Desc = Filters Profile will monitor only critical changes for SC 2.5 on Linux,Filter Profile Name = SC 2.5 Linux Filters
Host Status
This report is used by the S3 Control administrators to check the status of the hosts being managed by S3 Control. Host Connection status, the Solidifier status and the System Controller status are all available from this one report.
Highlights
Embeds a very powerful report engine: Crystal is an industry standard
Multiple Formats Supported: HTML, PDF, CSV, RPT
Flexible Reporting: Each report can be customized to take multiple parameters
Schedules: Reports can be scheduled at daily, weekly, monthly or custom intervals
Pre-packaged reports: Nearly 30 pre-packaged reports built in consultation with auditors and administrators help improve the RoI
Extensibility: Reports can be deployed in a Crystal Server for advanced functionality and greater scalability
Solidcore Systems, Inc.
www.solidcore.com
888.210.6530
(c) 2008 Solidcore Systems, Inc.
Solidcore, the Solidcore logo, Solidification, and Solidifier are trademarks of Solidcore Systems, Inc.
Disclaimer: The reports shown in this catalog are representative of actual reports that are generated by the S3 Control Reporting Module, but are not exact replicas of the reports themselves. They have been truncated and edited to fit the format of this catalog.