References¶
Non Tailoring Collections¶
The scpa_access_time collection is populated by javascript that automatically runs as dashboards are loaded. Data can be viewed on the Solution Activity page.
Data Source Examples¶
| Data Model / Source | Example Data Sources (Not Exhaustive) |
|---|---|
| Authentication | Windows, *Nix, Okta, Cisco ISE, Juniper (VPN) |
| Change | Windows, *Nix, Okta, Netscreen (Firewall), Syslog, CarbonBlack |
| Compute_Inventory | *Nix, Windows, Cisco UCS |
| Endpoint Ports | *Nix |
| Endpoint Processes | *Nix |
| Endpoint Services | *Nix |
| Intrusion_Detection | Netscreen (Firewall), Juniper (IDP), McAfee (IDS), Okta (IM), Carbonblack, Wireless IDS (Air Defender) |
| Malware | McAffee EPO |
| Network_Sessions | Juniper (VPN), Stream/Bro DHCP |
| Network_Traffic | Netscreen (Firewall), Cisco ISE, Juniper (Firewall), Carbonblack |
| Updates | Windows, *Nix |
| Vulnerabilities | Nessus, Windows |
| Web | Websense, Bro (HTTP) |
Audit status records¶
Audit status records are color coded. Available color options are available here and can be added into the KV Store collection audit_status_collection
Alerts and Saved Searches¶
Failed Audit Changes¶
Practice AU.3.046 calls for alerting for audit record failure.
Hosts without Events Logged for 1 Day¶
Display number of hosts without events logged for a day. Alerts when number of hosts is greater than zero.
Index Audit Events¶
Scheduled Saved Search to send data from audit entries collection to the summary index.
Mapping panels across Frameworks¶
The custom content panels use the lookup “panel_framework_mapping” to map panels that are consistent across frameworks. To add additional mapping, add a practice to the corresponding framework field in the panel_framework_mapping lookup. For Example:
| cmmc | dfars | fisma | rmf | omb |
|---|---|---|---|---|
| AC.1.001 | 3.1.1 | AC-2 | AC-2.1 | Identity and Credential Management |