Support Get Quote

Achieving GPG 13 compliance by leveraging EventLog Analyzer's capabilities


EventLog Analyzer, a comprehensive log monitoring tool, helps you adhere to GPG 13 (Good Practice Guide 13) compliance. With its diverse set of features, EventLog Analyzer seamlessly aligns with GPG 13's twelve protective monitoring controls (PMCs), such as accurate time in logs, monitoring user access, tracking system changes, and maintaining audit logs. It offers predefined reports with each PMC mapped to different security events.

EventLog Analyzer is trusted by over
10000 customers


Related solutions offered by EventLog Analyzer


    Privileged user monitoring

    Track privileged user accounts and detect any suspicious events like unauthorized logons, logon failures, user account changes, user group change, audit logs cleared, audit policy changes, and access attempts during non-working hours. EventLog Analyzer also provides reports which help to identify user behavior that may indicate privilege abuse.

    Learn more

    Log archiving

    With help of EventLog Analyzer, archive all collected logs and automatically store them securely after the retention period is complete. By configuring the retention period details in EventLog Analyzer, you can adhere to GPG 13, which specifies that the logs need to be retained for at least six months.

    Learn more

    Log forensic analysis

    EventLog Analyzer's forensic analysis feature provide organizations with the capabilities necessary to conduct in-depth investigations into security incidents and identify root causes.

    Learn more

    Application auditing

    Audit all your critical application servers like Apache, IIS, SQL, and other custom applications. The tool collects, analyzes, and correlates any application logs and provides actionable insights about network events.

    Learn more
Requirement How EventLog Analyzer helps with compliance EventLog Analyzer reports
Accurate time stamp
Prevents anyone from tampering with log timestamps. ELA ensures secure log storage to prevent any tampering.
Recording of business traffic crossing a boundary
Records traffic that passes through IIS and Apache web servers in the PMC 2 reports.
  • Apache client errors
  • Apache server errors
  • Apache HTTP internal server error
  • Apache HTTP forbidden
  • Apache HTTP server not found
  • IIS client errors
  • IIS server errors
  • IIS password change
  • IIS failed user authentication
  • IIS HTTP bad request
  • IIS site access denied
Recording of suspicious activity at the boundary
Displays all connections that have been denied and possible attacks on network perimeter devices in the PMC 3 reports.
  • Website traffic
  • Denied connections
  • AWS failed access requests
  • All AWS access requests
Recording of internal workstation, server, or device status
Detects and records any suspicious activity, including configuration changes, privileged access, unexpected system and application restarts, software installation, removable media insertion and removal, and sensitive file access.
  • AWS accessed files
  • AWS deleted files
  • AWS created or modified files
  • Command executed
  • Command failed
  • Modified buckets
  • Deleted buckets
  • AWS failed events
Recording of suspicious internal network activity
Records policy changes and helps identify if an inside user is carrying out malicious activity.
  • Successful logons
  • Failed logons
  • Logoff events
  • Successful VPN logons
  • Failed VPN logons
  • Audit policy changes
  • User rights assigned
  • User rights removed
  • Trusted domain created
  • Trusted domain modified
Recording of network connections
Records all Windows, Unix, and network perimeter device logons.
  • Windows successful user logons
  • Network logon
  • Windows successful user logoffs
  • Network logoff
  • Windows unsuccessful User logons
  • User logons
  • User logoffs
  • Unix unsuccessful user logons
Recording of session activity of users and workstations
Tracks entire user sessions from logon to logoff, including details of their activity during the session.
  • Failed events by user
  • Update events by user
  • Delete events by user
  • Create events by user
Recording of data backup status
Records failed backups and restoration events.
  • Successful Windows backup
  • Failed Windows backup
  • Successful Windows restore
  • Failed Windows restores
Alerting when critical events occur
Sends real-time alerts via email and SMS when any anomalous activity happens in the network. A program can be assigned to run when an alert is generated. ELA's incident response and management console alerts the users when critical events occur.
PMC 10
Reporting on the status of the audit system
Tracks the clearing of all security logs and event logs.
  • Event logs cleared
  • Security logs cleared
PMC 11
Production of sanitized and statistical management reports
Offers a highly customizable reporting function. Admins can configure existing reports to suit their specific requirements, or they can create new ones. ELA allows you to customize and schedule the existing predefined report in order to meet the unique security policy requirements that are concerned with your enterprise/industry.
PMC 12
Providing a legal framework for protective monitoring activities
Ensures that all data is collected and analyzed for forensic validity. ELA allows you to centrally collect, archive, search, analyze and correlate machine generated logs obtained from heterogeneous systems, network devices and applications, and generates forensic reports.

Manage logs effectively and stay compliant.

EventLog Analyzer helps you meet various regulatory mandates by auditing.managing, and analyzing logs.

ISO 27001:2013  FERPA  FISMA  SOX  HIPAA  GLBA  GDPR  NERC CIP  CCPA  ISLP  Cyber Essentials  GPG 13  PDPA 

Frequently asked questions

What is GPG 13 compliance?

The Good Practice Guide 13 (GPG 13) is a framework with 12 protective monitoring controls (PMCs) for all His Majesty's Government organizations. The GPG 13 is defined by the Communications-Electronics Security Group (CESG), who are Britain’s information assurance authority. When it comes to user access to networks and systems, GPG 13 requires organizations to record:

  • Unauthorized application access
  • File access attempts to sensitive information
  • Successful logins and logouts
  • Unsuccessful logins and logouts
  • Privileged system changes (e.g. account management, policy changes, device configuration)
  • Retain logs for at least six months.

How can you comply with GPG 13?

Compliance with GPG 13 is crucial for organizations dealing with sensitive data and connected to government networks, as it helps protect privacy, prevent data breaches, and enhance overall cybersecurity. To comply with GPG 13, you need to implement all 12 PMCs of GPG 13. It can be difficult, especially for organizations facing constraints such as limited resources, or small IT security teams. However, it is necessary to adhere to GPG 13 to ensure the security and integrity of critical systems and sensitive information.

What is protective monitoring?

Protective monitoring involves the practice of actively monitoring and analysis of computer systems, networks, and digital assets to detect and respond to security threats, vulnerabilities, and incidents. Protective monitoring is essential for organizations that handle sensitive data, work with government entities, or operate in industries with strict security and compliance requirements. It helps organizations identify security weaknesses, detect unauthorized access, and respond effectively to security incidents, reducing the potential impact of security breaches and minimizing downtime.

Who is expected to follow the GPG 13 compliance?

Although the regulatory directives of GPG 13 primarily target His Majesty’s Government (HMG) departments and agencies, service providers may also find themselves obligated to adhere. Service providers that have access to government data are also expected to meet the stipulated obligations.

Seamlessly achieve GPG 13 compliance with EventLog Analyzer

Download a free trial now

EventLog Analyzer Trusted By

Los Alamos National Bank Michigan State University
Panasonic Comcast
Oklahoma State University IBM
Accenture Bank of America
Ernst Young

Customer Speaks

  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank

Awards and Recognitions

A Single Pane of Glass for Comprehensive Log Management