The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan strives to improve the security framework of a vast power-grid system in the United States, several provinces in Canada, and one state in Mexico. All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity.
With ManageEngine EventLog Analyzer, you can seamlessly monitor your Bulk Electric System (BES) cyber assets and fulfill NERC compliance. The solution securely collects and automatically analyzes logs from all the entities of your network and provides predefined reports for various compliance laws, including the NERC CIP.
Here's how EventLog Analyzer simplifies NERC compliance management
Track firewall activities

Section CIP 005-6 R1.5 of NERC CIP requires organizations to monitor inbound and outbound traffic. EventLog Analyzer serves as a firewall log analyzer that offers visibility into the source and type of traffic communicating with your organization's network.
As a log management solution, EventLog Analyzer generates reports based on the traffic information from allowed and denied connections with sources, destinations, protocols, and ports along with timestamps. You can also gain a better understanding of your network activities with logons, configuration changes, user account changes, and traffic details. This also enables you to comply with section CIP 007-6 R1.1 by monitoring enabled ports.
Monitor user access to critical sources

You can satisfy sections CIP 007-6 R5.3 and CIP 007-6 R4.1 of NERC compliance with EventLog Analyzer's user session monitoring. As a compliance management solution, EventLog Analyzer monitors network logs to detect system and data misuse by auditing the user activity on the network.
Its user activity monitoring will provide precise information on critical events, such as user logons, user logoffs, failed logons, successful audit logs cleared, audit policy changes, objects accessed, and user account changes.
Audit privileged user activities

Monitor privileged users who have unrestricted access to critical applications, servers, and databases. EventLog Analyzer's privileged user auditing reports enable you to highlight any form of privilege abuse in your network. It also indicates creation or removal of user profiles and the escalation of user privileges. You will comply with NERC's section CIP 007-6 R5.3 by monitoring these activities.
Actively respond to breaches

Adhere to NERC CIP's section CIP 007-6 R3.1 by detecting security breaches as and when they occur with alerts that are sent instantly. The integrated incident management system in EventLog Analyzer identifies and handles security incidents effectively by assigning tickets to security administrators and alerting them via SMS or email to expedite the response time. You can also integrate EventLog Analyzer with your external help desk software, such as BMC Remedy Service Desk, Jira Service Desk, Kayako, ManageEngine ServiceDesk Plus, ServiceNow, and Zendesk. You can assign, manage, and track the progress of incoming incidents.
Extensive compliance support

As with NERC CIP, EventLog Analyzer offers out-of-the-box support for prominent regulatory mandates across industries, including PCI DSS, HIPAA, SOX, FISMA, and the GDPR, as well as regulations recently enacted and enforced across the globe. The solution monitors every entity of your network to satisfy all the relevant sections and generate compliance-ready reports. It also notifies you with a real-time alerting system whenever a compliance breach is detected, which helps you respond promptly to data breaches.
How does EventLog Analyzer assist with the different standards of NERC?
NERC sections | Actions required | What EventLog Analyzer accomplishes |
---|---|---|
CIP 005-6 R1.3 | Restrict access to critical network devices such as firewalls. Document access to these sources. | |
CIP 005-6 R1.5 | Monitor inbound and outbound traffic with IDS and firewall systems. | |
CIP 007-6 R1.1/ CIP 007-6 R4.2 | Configure the firewall to open only the ports needed; all others should be restricted. Monitor enabled ports. | |
CIP 007-6 R3.1 | Implement a system to detect and prevent malicious activity in your network. | |
CIP 007-6 R4.1/ CIP 007-6 R5.7 | Record and monitor successful and failed logins across the network. Use mechanisms to limit the number of unsuccessful attempts and alert when the threshold is passed. | |
CIP 007-6 R5.3 | Monitor users with access to shared documents. | |
CIP 009-6 R1.3 | Information crucial for the recovery of the BES should be backed up and stored with one or more processes. | |
Other solutions offered by EventLog Analyzer
File Integrity Monitoring
Track activities such as creation, modification, and deletion on your files and folders. Receive instant alerts when any suspicious activity is detected.
Privileged user management
Audit privileged user activity and spot suspicious events, such as multiple logon failures, unauthorized logons, and attempts that deviate from normal access patterns.
Application log monitoring
Audit web server applications, databases, and DHCP applications, generate reports to identify anomalous user activities, troubleshoot application crashes, and detect security threats.
Log analysis
Detect anomalies, monitor critical security events, and track user behaviors with predefined reports, intuitive dashboards, and prompt alerts.
5 reasons to choose EventLog Analyzer as your NERC compliance solution
1. Comprehensive log management
NERC emphasizes the importance of monitoring firewall activities. EventLog Analyzer provides out-of-the-box support for prominent firewall vendors like Barracuda, SonicWall, pfSense, Palo Alto Networks, and Fortinet. Additionally, the solution supports over 750 other log sources for complete network log management.
2. In-depth auditing and reporting
Audit all the BES cyber assets in your network and obtain a detailed overview of what's happening in the network in the form of intuitive dashboards. The solution also comes with compliance-ready reports for prominent regulatory mandates, including NERC.
3. A powerful correlation engine
NERC mandates that organizations detect network anomalies and trace security threats. EventLog Analyzer's powerful correlation engine holds over 30 predefined correlation rules and detects known malicious patterns by analyzing activities across the network.
4. Automated incident management
Implement a reliable system to detect and prevent malicious activity in your network. The solution has an integrated incident response and management console that assigns tickets when critical security events are detected to speed up incident resolution.
5. Augmented threat intelligence
Ensure that no malicious source enters your network with the advanced threat intelligence feed. Detect malicious IP addresses, URLs, and domain interactions with the built-in global IP threat intelligence database and STIX/TAXII feed processor.
Frequently asked questions
The NERC is a non-profit organization that was formed in 1968 with the mission of ensuring reliable operation of the continent's bulk power system. The US Federal Energy Regulatory Commission (FERC) is an independent agency that regulates the transmission and wholesale sale of electricity, natural gas, and oil.
The NERC is responsible for developing and maintaining standards for reliability and security of the North American bulk power system, while the FERC focuses on regulating interstate commerce.
The NERC Reliability Standards are the rules that help utilities make sure the grid is reliable, and these standards are updated every two years to meet the evolving requirements of the industry.
The NERC Reliability Standards cover seven areas:
- Asset management and planning
- Reliability evaluation and assessment
- Reliability monitoring and measurement
- System security and assurance
- Resource adequacy and capacity adequacy
- Distribution planning and operations
- Event response planning
The NERC standards are a set of requirements for the protection of critical infrastructure. The NERC standard is voluntary, but it has been adopted as a regulatory requirement for the power-grid infrastructure in the United States, Canada, and a part of Mexico. The compliance standards focus on physical security and cybersecurity. They also include guidelines on how to protect against cyberattacks, data security, and the management of data.
Here's how the sections of NERC compliance ensure that organizations prioritize data security:
- Regular assessments of their facilities and systems to ensure their ability to resist cyberattacks.
- Development of plans to respond to a cyberattack or other malicious events. These plans must include procedures for responding to different types of attacks, including malware infections, unauthorized access attempts, denial-of-service attacks, and other malicious activities.
- Following specific procedures for dealing with information about critical infrastructure during an emergency response situation or disaster recovery process.