cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Security Questions

Hi,

I have a request of our security team to answer of some securty questions that i can't answer because I don't know.

Can you please help me to answer the following questions:

1.      Is the application designed to log transaction events (such as: host name, account identifier, date and time stamp, event type, source IP address, description of the activity performed ,event ID, reason for logging event, source and destination network addresses)?

2.       Does the application log user access activity such as successful logons, logoffs, and unsuccessful logon attempts? 

3.       Is the application designed to log and monitor activity performed by privileged accounts?

4.       Does the application provide built in audit log reports?

5.       Where are the logs saved? And for how long?

Thanks in advance

Shay.

0 Kudos
5 Replies
Level 16

Hi Shay

NPM is NMS use to monitor network infrastructure with snmp/trap syslog and icmp.

http://en.wikipedia.org/wiki/Network_management_system

I think you look for SIEM that is realy good to monitor users ,firewall and protocols that running in the wire.

http://en.wikipedia.org/wiki/Security_information_and_event_management

Solarwinds has that

http://www.solarwinds.com/SIEM-security-information-event-management-software.aspx

Other vendors  tools

Splunk

splunk.com

Qradar

http://q1labs.com/products.aspx


0 Kudos
Level 7

Hi Sja

Thanks for your replay

I'm afraid I do not understand correctly
I mean is in the Solarwinds system  has its own security logs that can monitor itself

Thanks in advance

Shay


0 Kudos
Level 16

Hi Shay

Solarwinds is 100% integratet with MS-AD  (users/groups access control)

From NPM 10.4 you will have Auditing trail (who did what in NPM)

http://thwack.solarwinds.com/message/183338#183338

Hope thats helps

Level 7

Thanks Sja

0 Kudos
Level 8

I would like to know it to. I cant find the logs in solarwinds folder.

0 Kudos