Yes, Log360 allows for customizable log retention policies, enabling you to store and archive logs for as many years as required by the latest SEBI circulars.
The Securities and Exchange Board of India (SEBI) designed the Cyber Security and Cyber Resilience Framework (CSCRF) as a comprehensive roadmap for market infrastructure institutions and regulated entities. This framework aims to standardize cybersecurity practices across the Indian securities market with five key goals: Anticipate, Withstand, Contain, Recover, and Evolve. By maintaining compliance with the CSCRF, organizations can become resilient against increasingly sophisticated cyberthreats.
SEBI requires a proactive detection process capable of identifying anomalous events across the network. Log360 comes equipped with over 2,000 out-of-the-box threat detection rules, allowing your SOC to identify sophisticated threats like ransomware, SQL injection, and insider threats the moment they occur.
Manual incident reporting is no longer feasible under the 2024 CSCRF guidelines. Log360 automates the identification of high-impact incidents and provides a one-click technical summary, ensuring your organization meets the strict six-hour reporting window to the regulator.
Log360 monitors the movement and access of regulatory data, which SEBI mandates must be localized within India. Its geolocation tracking and file integrity monitoring (FIM) alert you immediately if sensitive data is accessed from unauthorized locations or exported in bulk.
The CSCRF shifts the burden of resilience to the board. Log360 translates technical logs into high-level metrics required for the Cyber Capability Index, allowing the IT committee to provide the oversight required by the framework through clear, risk-based dashboards.
For regulated entities in the Indian capital markets, failing to adhere to the CSCRF mandates can result in:
ManageEngine Log360 provides an integrated SIEM solution that helps organizations align with the core pillars of the CSCRF. From log retention to real-time threat detection, Log360 automates the technical controls required to protect the integrity of the securities market.
Explore the complete capability mapping below:
| Standard code | Requirement description | How Log360 can help |
|---|---|---|
| GV.OV | Oversight | Provides executive-level dashboards and cyber resilience summaries for the cybersecurity steering committee. It translates technical log data into risk-based metrics that leadership can use to oversee the information security management system efficacy. |
| ID.AM | Asset Management | Automatically discovers and maintains an inventory of digital assets (e.g., IPs, URLs, and applications). It detects rogue devices or unauthorized software installations by auditing network logs. |
| PR.DS | Data Security | Tracks access to regulatory data and IT/cybersecurity data using FIM. It alerts on unauthorized data exports or modifications to sensitive financial records. |
| DE.CM | Security Continuous Monitoring | Acts as the primary engine for the mandated 24/7 SOC. It provides real-time monitoring across the network, endpoints, and cloud, ensuring that the continuous requirement is met through automated log collection and live dashboards. |
| DE.DP | Detection Process | Log360 features a powerful correlation engine equipped with over 2,000 predefined threat detection rules. This allows regulated entities to detect complex attack patterns instantly—such as brute-force attacks, SQL injection, and lateral movement—across the entire network infrastructure without manual rule creation. |
| RS.MA | Incident Management | Automatically converts security alerts into incidents. It provides a centralized console to manage the life cycle of a threat, from detection to closure, including technician assignment. |
| RS.CO | Incident Response Reporting and Communication | Facilitates SEBI’s strict six-hour reporting window by providing instant alerts and automated incident summaries containing the technical data required for regulatory filing. |
| RS.AN | Incident Analysis | Maintains an immutable audit trail with cryptographic hashing. It ensures that log data used for root cause analysis or forensic investigation is tamper-proof and admissible. |
Log360 streamlines your SEBI CSCRF compliance process by automating data collection, speeding up audits, reducing manual errors, and maintaining continuous security compliance effortlessly.
Monitor your compliance posture in real time. Log360 correlates logs from users, systems, and network devices to uncover hidden patterns that may indicate compliance gap or security threats, making it easier to demonstrate compliance to auditors.
Learn moreReceive instant alerts whenever compliance violations occur in your network. Log360 continuously scans your environment in real time to detect and notify you of potential breaches, helping you mitigate risks before they escalate into penalties.
Learn moreYes, Log360 allows for customizable log retention policies, enabling you to store and archive logs for as many years as required by the latest SEBI circulars.
Absolutely. Log360 includes prebuilt report templates that cover user access, system changes, and incident response, which are essential for the half-yearly audit reports required by SEBI.
Log360 assists by providing the tools for rapid detection and automated response, ensuring that if a breach occurs, the impact is contained, and services can recover within the mandated recovery time objective.
Our solutions undergo rigorous third-party audits to ensure compliance with the same global security and privacy standards we help you achieve.
Explore how Log360 can unify your security analytics, reduce noise, and provide clear, actionable insights.