Monitoring ManageEngine OpManager instances

EventLog Analyzer integrates with and monitors your ManageEngine OpManager instance for log management and compliance use cases. Through this integration, EventLog Analyzer ingests OpManager's access and audit logs and analyzes them to support security monitoring and compliance reporting.

Centralizing OpManager's access logs alongside your other network and system logs lets you correlate them with user access data, giving richer insight into operational activity and potential security threats. This supports earlier threat detection, faster troubleshooting, and comprehensive compliance reporting, which together help maintain a robust, secure IT environment.

Before you begin, ensure you have configured OpManager to forward its access and audit logs to EventLog Analyzer for monitoring.

Monitoring OpManager

Compliance mandates, particularly for government and federal institutions, require enterprises to centralize logs from applications, including network monitoring tools such as OpManager, to ensure security and support forensic analysis. EventLog Analyzer centralizes audit and access logs from OpManager, enabling comprehensive monitoring through the following use cases:

Use case: Monitoring OpManager activities
Description: Centralizes the activity logs of OpManager.
Why implement it? To strengthen the security posture of your network, detect threats at early stages, and comply with regulations.
Available reports, alerts, and capabilities: Product Activity Report

Use case: Monitoring OpManager's access
Description: Tracks the access logs of your OpManager instance to ensure smooth functioning and availability.
Why implement it? To analyze web access trends and detect issues such as unauthorized access or server errors.
Available reports, alerts, and capabilities: Web Access Reports
  • HTTP Status Success
  • HTTP Bad Gateway
  • HTTP Internal Server Error
  • HTTP Gateway Timeout
  • HTTP Request URI Too Large
  • HTTP Unsupported Media Type
  • HTTP Request Entity Too Large
  • HTTP Forbidden
  • HTTP Server Not Found
  • HTTP Request Timeout
  • HTTP Bad Request
  • HTTP Unauthorized
  • Information Reports
  • Success Reports
  • Redirection Reports
  • Responses over time
  • Client Error Reports
  • Server Error Reports

Use case: Monitoring user access to OpManager
Description: Monitors user authentication and access logs.
Why implement it? To identify successful and failed login attempts and ensure secure access management.
Available reports, alerts, and capabilities: Debug Reports
  • Successful Logins
  • Failed Logins

Use case: System and debug log monitoring
Description: Monitors system and debug logs for OpManager instances and services.
Why implement it? To identify and troubleshoot issues related to accessing OpManager's logs and their availability.
Available reports, alerts, and capabilities: Debug Reports
  • Instance Created
  • Services Created
  • Server Started
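
As an added example (not part of this documentation or of EventLog Analyzer's own code), the following Python script sorts web-access log lines into the status-code report buckets listed above and lists clients that repeatedly receive HTTP 401 Unauthorized responses. It assumes an Apache/Tomcat-style common log format and uses constructed sample lines; mapping 404 to the "HTTP Server Not Found" report is also an assumption.

```python
import re
from collections import Counter
# Assumed Apache/Tomcat-style common log format, not OpManager's documented layout.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)$')
# Status codes with a dedicated report in the table above (404 as "Server Not Found" is assumed).
NAMED_REPORTS = {
    200: "HTTP Status Success", 400: "HTTP Bad Request", 401: "HTTP Unauthorized",
    403: "HTTP Forbidden", 404: "HTTP Server Not Found", 408: "HTTP Request Timeout",
    413: "HTTP Request Entity Too Large", 414: "HTTP Request URI Too Large",
    415: "HTTP Unsupported Media Type", 500: "HTTP Internal Server Error",
    502: "HTTP Bad Gateway", 504: "HTTP Gateway Timeout"}
# Status-class reports (1xx to 5xx).
CLASS_REPORTS = {1: "Information Reports", 2: "Success Reports", 3: "Redirection Reports",
                 4: "Client Error Reports", 5: "Server Error Reports"}
# Constructed sample lines, not captured from a real OpManager server.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:09:15:01 +0000] "GET /dashboard HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2024:09:15:02 +0000] "GET /static/logo.png HTTP/1.1" 304 0
10.0.0.9 - - [12/Mar/2024:09:16:10 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.9 - - [12/Mar/2024:09:16:14 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.9 - - [12/Mar/2024:09:16:19 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - admin [12/Mar/2024:09:17:00 +0000] "GET /api/devices HTTP/1.1" 502 0
10.0.0.7 - admin [12/Mar/2024:09:17:05 +0000] "GET /missing HTTP/1.1" 404 512
garbage line that does not parse
""".splitlines()

def parse_line(line):
    """Return the parsed fields with an integer status, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return {**m.groupdict(), "status": int(m["status"])} if m else None

def summarize(lines, unauthorized_threshold=3):
    """Count lines per status class and per named report, and list clients that
    received at least unauthorized_threshold 401 responses (repeated failed access)."""
    by_class, by_report, unauth = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            by_report["Unparsed"] += 1  # rejected lines are counted, not dropped silently
            continue
        by_class[CLASS_REPORTS.get(rec["status"] // 100, "Other")] += 1
        by_report[NAMED_REPORTS.get(rec["status"], "Other status")] += 1
        if rec["status"] == 401:
            unauth[rec["client"]] += 1
    flagged = sorted(c for c, n in unauth.items() if n >= unauthorized_threshold)
    return {"by_class": dict(by_class), "by_report": dict(by_report),
            "repeated_unauthorized": flagged}
```

Running `summarize(SAMPLE_LOG)` on the constructed lines yields four client-error responses, one server error, and flags 10.0.0.9 for three consecutive 401s.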

Compliance

The following compliance regulations require you to centralize audit and access logs from applications deployed in your network for monitoring and analysis, and recommend that you use that analysis to detect suspicious trends and strengthen your overall security posture. EventLog Analyzer helps you meet these requirements by centralizing and analyzing OpManager logs:

Industry, regulation, and requirements:

Healthcare: HIPAA
  • Requirement 164.308(a)(1): Security management process
  • Requirement 164.308(a)(1)(ii)(D): Information system activity review
  • Requirement 164.312(a)(1): Access control
  • Requirement 164.312(b): Audit controls
  • Requirement 164.312(c)(1): Integrity
Education: FERPA
  • Section 99.31(a): Conditions for access to student records
  • Section 99.32: Recordkeeping of access and disclosures
Financial services: PCI DSS
  • Requirement 10.1: Link all access to system components to each user
  • Requirement 10.2: Implement automated audit trails to log key events
  • Requirement 10.3: Record the user ID, event type, date and time, success or failure, event origin, and affected data
  • Requirement 10.5: Secure audit trails from unauthorized access and modifications
  • Requirement 10.7: Retain your audit trail history for at least 1 year, with 3 months readily available
  GLBA
  • 16 CFR Part 314: Safeguards rule
  • 16 CFR Part 314.4: Information security program
  SOX
  • Section 302: Establish and maintain internal controls for financial reporting; disclose control deficiencies
  • Section 404: Make an annual internal control report on the effectiveness of the internal control structure for financial reporting
  • Section 409: Ensure real-time disclosure of material changes in the financial condition or operations of the company
Government: FISMA
  • NIST SP 800-53, AU-2: Event logging
  • NIST SP 800-53, AU-3: Content of audit records
  • NIST SP 800-53, AU-4: Audit log storage capacity
  • NIST SP 800-53, AU-5: Response to audit logging process failures
  • NIST SP 800-53, AU-6: Audit record review, analysis, and reporting
  NERC CIP
  • CIP-007-6 R4: Logging
  • CIP-007-6 R5: Security event monitoring
  • CIP-008-6 R1: Incident reporting and response planning
  NRC
  • 10 CFR Part 73.54: Protection of digital computer and communication systems and networks
  • Regulatory Guide RG 5.71, Section C.5.5: Audits and accountability
  CMMC
  • AU.2.041: Trace actions to individual users
  • AU.3.045: Review and update logged events
  • AU.3.046: Alert on audit log failures
  • AU.3.048: Centralize audit logs
  • AU.3.049: Correlate and analyze audit logs for suspicious activities
Data privacy: GDPR
  • Article 30: Records of processing activities
  • Article 32: Security of processing
  CCPA and CPRA
  • 1798.100(e): Implement and maintain reasonable security procedures
  • 1798.145(i): Secure personal information
  PDPA
  • Section 21: Security measures for personal data protection
  • Section 22: Rights of data subjects
  POPIA
  • Section 19: Security safeguards
  • Section 21: Security measures on information systems
  LGPD
  • Article 6: Principles for processing personal data
  • Article 46: Security and confidentiality of data
Information security: ISO/IEC 27001:2013
  • A.12.4.1: Event logging
  • A.12.4.3: Administrator and operator logs
  NIST CSF
  • PR.PT-1: Audit and log records are determined, documented, implemented, and reviewed in accordance with policy
  • DE.AE-3: Event data is collected and correlated from multiple sources and sensors
  Cyber Essentials
  • User access control: Ensure that user activities are tracked and logged
  • Security monitoring: Implement measures to detect and alert on unauthorized access
  CoCo
  • Audit logging: Ensure logs are maintained for system activities
  • Monitoring and responses: Use logs for monitoring and incident response
  GPG
  • Audit trails: Maintain records of system activities
  • Monitoring and review: Regularly review logs for anomalies
  ISLP
  • Logging and monitoring: Implement and maintain logging mechanisms
  • Incident response: Use logs for incident investigations
  TISAX
  • Logging and monitoring: Ensure all relevant actions are logged
  • Incident management: Use logs to detect and respond to incidents
  SAMA Cyber Security Framework
  • 4.1.4: Monitor and log access to critical systems
  • 4.1.5: Regularly review audit logs for unauthorized activities
Others: UAE SIA (formerly NESA) IAR
  • Section 3.8: Logging and monitoring
  • Section 4.6: Security incident management
  QCF
  • CS-12: Log and monitor activities
  • CS-13: Manage and respond to incidents
  CJDN
  • Policy Area 7.1: Auditing and accountability
  • Policy Area 7.2: Incident response
  ECC
  • Control 10: Log management
  • Control 11: Security event monitoring