Enhance identity security monitoring with EventLog Analyzer

EventLog Analyzer integrates with ManageEngine ADSelfService Plus to centralize log management. By fetching web access and audit logs from ADSelfService Plus, EventLog Analyzer enables detailed analysis for easier security and compliance auditing.

Centralizing these logs alongside other network and system logs allows for enhanced correlation, providing valuable insights into user interactions and security incidents. This integration supports proactive threat detection and effective troubleshooting, contributing to a secure and compliant IT environment.

Before you begin, ensure that ADSelfService Plus is configured to forward its web access and audit logs to EventLog Analyzer for monitoring.

Monitoring the ADSelfService Plus instance

To begin monitoring, configure ADSelfService Plus to forward its logs to EventLog Analyzer. This step is crucial for real-time analysis and effective monitoring of user self-service activities. Centralized log management allows for the early detection of security threats, facilitates quick incident response, and supports the generation of detailed compliance reports, ensuring a secure and well-monitored IT environment.

Use case: Monitoring ADSelfService Plus activities
Description: EventLog Analyzer logs all actions within ADSelfService Plus, providing a complete audit trail of user and system activities.
Why implement it? Ensure comprehensive monitoring for security, compliance, and quick detection of any unusual or unauthorized actions.
Available reports, alerts, and capabilities:
  Activity report:
  • Product Activity Report

Use case: Auditing user access to ADSelfService Plus
Description: Auditing user access to ADSelfService Plus involves logging all user activities, including login attempts and critical actions, to monitor and control access.
Why implement it? Ensure security and compliance by detecting unauthorized access, tracking user actions, and providing necessary evidence for investigations.
Available reports, alerts, and capabilities:
  Logon reports:
  • Successful Logins
  • Failed Logins

Use case: Monitoring ADSelfService Plus web access
Description: Web access reports track HTTP status codes and server responses, including success, errors, and client-server issues. They provide insights into request patterns and overall web server performance.
Why implement it? Ensure timely detection and resolution of web access issues, improving service availability. Also, enhance security by monitoring unauthorized access attempts and system failures.
Available reports, alerts, and capabilities:
  Web access reports:
  • HTTP Status Success
  • HTTP Bad Gateway
  • HTTP Internal Server Error
  • HTTP Gateway Timeout
  • HTTP Request URI Too Large
  • HTTP Unsupported Media Type
  • HTTP Request Entity Too Large
  • HTTP Forbidden
  • HTTP Server Not Found
  • HTTP Request Timeout
  • HTTP Bad Request
  • HTTP Unauthorized
  • Information Reports
  • Success Reports
  • Redirection Reports
  • Responses over time
  • Client Error Reports
  • Server Error Reports
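As an added illustration (not code from the page or from ManageEngine), the following Python script shows the kind of classification the web access reports above perform: it parses constructed access log lines, buckets responses into the page's status-class reports, and flags sources with repeated 401/403 responses as candidate unauthorized-access events. The NCSA common log layout, the IPs and paths, and the alert threshold are all assumptions, since the page does not state the ADSelfService Plus log format.

```python
import re
from collections import Counter

# Constructed sample lines, not real ADSelfService Plus output; the NCSA common
# log layout is an assumption, as the page does not state the product's format.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:09:01:02 +0000] "POST /login HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:09:01:10 +0000] "GET /home HTTP/1.1" 302 0
10.0.0.9 - - [12/Mar/2024:09:02:00 +0000] "POST /login HTTP/1.1" 401 128
10.0.0.9 - - [12/Mar/2024:09:02:05 +0000] "POST /login HTTP/1.1" 401 128
10.0.0.9 - - [12/Mar/2024:09:02:14 +0000] "POST /login HTTP/1.1" 403 96
10.0.0.7 - - [12/Mar/2024:09:03:00 +0000] "GET /status HTTP/1.1" 502 0
10.0.0.7 - - [12/Mar/2024:09:03:30 +0000] "GET /status HTTP/1.1" 504 0
malformed line: must be counted as skipped, not crash the parser
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$')

# Report names as listed on the page for the web access reports.
NAMED_REPORTS = {400: "HTTP Bad Request", 401: "HTTP Unauthorized", 403: "HTTP Forbidden",
                 404: "HTTP Server Not Found", 408: "HTTP Request Timeout",
                 413: "HTTP Request Entity Too Large", 414: "HTTP Request URI Too Large",
                 415: "HTTP Unsupported Media Type", 500: "HTTP Internal Server Error",
                 502: "HTTP Bad Gateway", 504: "HTTP Gateway Timeout"}
CLASS_REPORTS = {1: "Information Reports", 2: "Success Reports", 3: "Redirection Reports",
                 4: "Client Error Reports", 5: "Server Error Reports"}

def parse_access_log(text):
    """Return (records, skipped): parsed line dicts plus the count of unparseable lines."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # one bad line must not stop the audit run
            continue
        records.append({**m.groupdict(), "status": int(m["status"])})
    return records, skipped

def summarize(records):
    """Hit counts per status-class report and per named status-code report."""
    by_class = Counter(CLASS_REPORTS.get(r["status"] // 100, "Other") for r in records)
    by_named = Counter(NAMED_REPORTS[r["status"]] for r in records if r["status"] in NAMED_REPORTS)
    return by_class, by_named

def unauthorized_access_alerts(records, threshold=3):
    """Source IPs with at least `threshold` 401/403 responses (threshold is an assumed value)."""
    denied = Counter(r["ip"] for r in records if r["status"] in (401, 403))
    return {ip: n for ip, n in denied.items() if n >= threshold}
```

Running `summarize(parse_access_log(SAMPLE_LOG)[0])` reproduces the per-class and per-code counts a web access report would show, and the alert function surfaces the one source that accumulated three denied requests.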

Compliance use case

Many regulatory frameworks mandate the implementation of monitoring solutions to track access and modifications, ensuring data security and integrity. The following table demonstrates how EventLog Analyzer can help you meet compliance requirements by monitoring and analyzing ADSelfService Plus. For more detailed solution mapping, please refer to the EventLog Analyzer compliance page.

Industry: Healthcare
Regulation: Health Insurance Portability and Accountability Act (HIPAA)
Requirements:
  • Security management process: Requirement 164.308(a)(1)
  • Information system activity review: Requirement 164.308(a)(1)(ii)(D)
  • Audit controls: Requirement 164.312(b)
  • Access control: Requirement 164.312(a)(1)
  • Integrity: Requirement 164.312(c)(1)

Industry: Education
Regulation: Family Educational Rights and Privacy Act (FERPA)
Requirements:
  • Section 99.31(a): Conditions for access to student records
  • Section 99.32: Recordkeeping of access and disclosures

Industry: Financial services
Regulation: Payment Card Industry Data Security Standard (PCI DSS)
Requirements:
  • Requirement 10.1: Link all access to system components to each user
  • Requirement 10.2: Implement automated audit trails to log key events
  • Requirement 10.3: Record the user ID, event type, date and time, success or failure, event origin, and affected data
  • Requirement 10.5: Secure audit trails from unauthorized access and modifications
  • Requirement 10.7: Retain your audit trail history for at least 1 year, with 3 months readily available
Regulation: Gramm-Leach-Bliley Act (GLBA)
Requirements:
  • Safeguards Rule (16 CFR Part 314)
  • Information Security Program (314.4)
Regulation: Sarbanes-Oxley Act (SOX)
Requirements:
  • Section 302: Establish and maintain internal controls for financial reporting; disclose control deficiencies
  • Section 404: Make an annual internal control report on the effectiveness of the internal control structure for financial reporting
  • Section 409: Ensure real-time disclosure of material changes in the financial condition or operations of the company

Industry: Government
Regulation: Federal Information Security Management Act (FISMA)
Requirements:
  • NIST SP 800-53, AU-2: Audit Events
  • NIST SP 800-53, AU-3: Content of Audit Records
  • NIST SP 800-53, AU-4: Audit Log Storage Capacity
  • NIST SP 800-53, AU-5: Response to Audit Logging Process Failures
  • NIST SP 800-53, AU-6: Audit Record Review, Analysis, and Reporting
Regulation: North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
Requirements:
  • CIP-007-6 R4: Logging
  • CIP-007-6 R5: Security event monitoring
  • CIP-008-6 R1: Incident reporting and response planning
Regulation: Nuclear Regulatory Commission - Title 10 of the Code of Federal Regulations (NRC - 10 CFR)
Requirements:
  • 73.54: Protection of digital computer and communication systems and networks
Regulation: NRC Regulatory Guides RG 5.71
Requirements:
  • Section C.5.5.4: Audits and accountability
Regulation: Cybersecurity Maturity Model Certification (CMMC)
Requirements:
  • AU.2.041: Trace actions to individual users
  • AU.3.045: Review and update logged events
  • AU.3.046: Alert on audit log failures
  • AU.3.048: Centralize audit logs
  • AU.3.049: Correlate and analyze audit logs for suspicious activities

Industry: Data privacy
Regulation: General Data Protection Regulation (GDPR)
Requirements:
  • Article 30: Records of processing activities
  • Article 32: Security of processing
Regulation: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Requirements:
  • 1798.100(e): Implement and maintain reasonable security procedures
  • 1798.145(i): Secure personal information
Regulation: Personal Data Protection Act - Singapore (PDPA)
Requirements:
  • Section 21: Security measures for personal data protection
  • Section 22: Rights of data subjects
Regulation: Protection of Personal Information Act - South Africa (POPIA)
Requirements:
  • Section 19: Security safeguards
  • Section 21: Security measures on information systems
Regulation: Lei Geral de Proteção de Dados Pessoais - Brazil (LGPD)
Requirements:
  • Article 6: Principles for processing personal data
  • Article 46: Security and confidentiality of data

Industry: Information security
Regulation: International Organization for Standardization/International Electrotechnical Commission Information Security Management System (ISO/IEC 27001:2013)
Requirements:
  • A.12.4.1: Event logging
  • A.12.4.3: Administrator and operator logs
Regulation: National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
Requirements:
  • PR.PT-1: Audit and log records are determined, documented, implemented, and reviewed in accordance with policy
  • DE.AE-3: Event data is collected and correlated from multiple sources and sensors
Regulation: Cyber Essentials
Requirements:
  • User access control: Ensure that user activities are tracked and logged
  • Security monitoring: Implement measures to detect and alert on unauthorized access
Regulation: Cloud Security Alliance Cloud Controls Matrix (CoCo)
Requirements:
  • Audit logging: Ensure logs are maintained for system activities
  • Monitoring and responses: Use logs for monitoring and incident response
Regulation: Good Practice Guide (GPG)
Requirements:
  • Audit trails: Maintain records of system activities
  • Monitoring and review: Regularly review logs for anomalies
Regulation: Information Security Lapse Policy (ISLP)
Requirements:
  • Logging and monitoring: Implement and maintain logging mechanisms
  • Incident response: Use logs for incident investigations
Regulation: Trusted Information Security Assessment Exchange (TISAX)
Requirements:
  • Logging and monitoring: Ensure all relevant actions are logged
  • Incident management: Use logs to detect and respond to incidents
Regulation: Saudi Arabian Monetary Authority Cyber Security Framework (SAMA)
Requirements:
  • 4.1.4: Monitor and log access to critical systems
  • 4.1.5: Regularly review audit logs for unauthorized activities

Industry: Others
Regulation: UAE Signals Intelligence Agency (SIA) (formerly NESA)
Requirements:
  • Section 3.8: Logging and monitoring
  • Section 4.6: Security incident management
Regulation: Qualifications and Credit Framework (QCF)
Requirements:
  • CS-12: Log and monitor activities
  • CS-13: Manage and respond to incidents
Regulation: Cyber Joint Defense Network (CJDN)
Requirements:
  • Policy Area 7.1: Auditing and accountability
  • Policy Area 7.2: Incident response
Regulation: Elliptic Curve Cryptography (ECC)
Requirements:
  • Control 10: Log management
  • Control 11: Security event monitoring