List of Information System Logs Required During a Security Assessment
1. Authentication server or system logs may include successful and failed authentication attempts.
2. System logs may include system and service startup and shutdown information, installation of unauthorized software, file accesses, security policy changes, account changes (e.g., account creation and deletion, account privilege assignment), and privilege use.
3. Intrusion detection and prevention system logs may include malicious activity and inappropriate use.
4. Firewall and router logs may include outbound connections that indicate compromised internal devices (e.g., rootkits, bots, Trojan horses, spyware).
5. Firewall logs may also include unauthorized inbound connection attempts and inappropriate use.
6. Application logs may include unauthorized connection attempts, account changes, use of privileges, and application or database usage information.
7. Antivirus logs may include update failures and other indications of outdated signatures and software.
8. Security tool logs, in particular from patch management and some IDS and intrusion prevention system (IPS) products, may record information on known vulnerable services and applications.
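The first and fourth items above (authentication logs and firewall logs showing outbound connections) are the ones an assessor most often has to triage by hand. The script below is an added example, not part of the original post: it runs simple detection logic over a few constructed OpenSSH-style and iptables-style log lines (the hosts, addresses and the outbound allowlist are made up for illustration) and reports two of the patterns the list describes, a source that keeps failing authentication and then succeeds, and an internal host making outbound connections on ports the allowlist does not cover.

```python
import re
from collections import defaultdict

# Constructed sample auth log in syslog/OpenSSH format (not real data).
AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 50112 ssh2
Mar  3 10:01:14 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 50113 ssh2
Mar  3 10:01:16 host1 sshd[2205]: Failed password for root from 203.0.113.5 port 50114 ssh2
Mar  3 10:01:18 host1 sshd[2207]: Failed password for root from 203.0.113.5 port 50115 ssh2
Mar  3 10:01:20 host1 sshd[2209]: Failed password for root from 203.0.113.5 port 50116 ssh2
Mar  3 10:01:25 host1 sshd[2211]: Accepted password for root from 203.0.113.5 port 50117 ssh2
Mar  3 10:05:02 host1 sshd[2301]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:05:09 host1 sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 40023 ssh2
"""

# Constructed sample firewall log in iptables LOG-target style (not real data).
FW_LOG = """\
Mar  3 10:07:41 fw1 kernel: OUTBOUND IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.44 PROTO=TCP SPT=51234 DPT=6667
Mar  3 10:07:42 fw1 kernel: OUTBOUND IN=eth1 OUT=eth0 SRC=10.0.0.24 DST=192.0.2.10 PROTO=TCP SPT=51300 DPT=443
Mar  3 10:07:50 fw1 kernel: OUTBOUND IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.44 PROTO=TCP SPT=51235 DPT=6667
Mar  3 10:08:01 fw1 kernel: OUTBOUND IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=192.0.2.99 PROTO=UDP SPT=40000 DPT=53
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)
FW_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)

# Hypothetical egress allowlist for the assessed network (assumption for this example).
ALLOWED_OUTBOUND = {("TCP", 80), ("TCP", 443), ("UDP", 53)}


def parse_auth(text):
    """Extract (result, method, user, src) from each sshd authentication line."""
    return [m.groupdict() for m in (AUTH_RE.search(l) for l in text.splitlines()) if m]


def find_bruteforce(events, threshold=5):
    """Flag sources with >= threshold failures; note whether a success followed them.

    Events are processed in log order, so a success is only tied to the
    failures that preceded it from the same source.
    """
    failures = defaultdict(int)
    findings = {}
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
        elif ev["result"] == "Accepted" and failures[src] >= threshold:
            findings[src] = {"failures": failures[src], "success_after": True, "user": ev["user"]}
    for src, n in failures.items():
        if n >= threshold and src not in findings:
            findings[src] = {"failures": n, "success_after": False, "user": None}
    return findings


def find_suspicious_outbound(text, allowed=ALLOWED_OUTBOUND):
    """Group outbound (dst, proto, dport) tuples not on the allowlist by internal source."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = FW_RE.search(line)
        if not m:
            continue
        key = (m["proto"], int(m["dpt"]))
        if key not in allowed:
            hits[m["src"]].add((m["dst"], m["proto"], int(m["dpt"])))
    return dict(hits)


if __name__ == "__main__":
    for src, info in find_bruteforce(parse_auth(AUTH_LOG)).items():
        print(f"auth: {src} {info['failures']} failures, success after: {info['success_after']} ({info['user']})")
    for src, conns in find_suspicious_outbound(FW_LOG).items():
        print(f"fw: internal host {src} -> non-allowlisted outbound {sorted(conns)}")
```

The thresholds and the allowlist are the things to tune per engagement; in a real assessment, feed the functions the exported logs rather than the embedded samples, and treat an internal host beaconing to an unexpected port as a lead to confirm on the host itself, not as proof of compromise on its own.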