007-6-Cyber Security: System Security Management

In the Reports Portal, select Repository > Standard Content > NERC > CIP-007 System Security Management.

NERC Standard 007-6: System Security Management specifies technical, operational, and procedural requirements for your BES cyber system, ensuring that your organization supports and maintains appropriate cyber security requirements.

Dashboards:

  • Login Activity Overview

  • Malware Overview

  • User Activity Overview

  • Users and Accounts Overview

Reports:

  • n/a

Login Activity Overview

Provides an overview of login activity. The table shows the details of each event, and each event links to the Event Inspector. You can also click Open in Search, which opens the search page and loads the categoryBehavior = /Authentication/Verify query for the same time that the dashboard was run.

Charts:

  • By Destination User

  • By Destination Host

  • By Source Address

  • Events Table

Special Filters:

  • Login Activity Distribution

  • Windows Logon Type

Filters:

  • Login Outcomes

  • Device Vendor and Product

Malware Overview

Helps you track malware activity.

Charts:

  • Reported Malware

  • Malware Distribution

  • Infected Assets

  • Action Outcome and Malware Name

  • Timeline

  • Events Table

Special Views:

  • DGA Overview

  • Attacks and Suspicious Activity

  • Host Profile Overview

Filters:

  • Device Vendor and Product

  • Category Outcome

  • Agent Severity

User Activity Overview

Provides an overview of user activity.

Charts:

  • Login Connections

  • Privileged Groups

  • Account Management Actions

  • Outbound Traffic

  • Requested URLs

  • Processes Used

  • Application Protocols

  • Ports

  • Events Table

Filters:

  • Device Vendor and Product
  • Category Outcome

Users and Accounts Overview

Provides an overview of all the users created and deleted in the last hour.

Charts:

  • Created Users
  • Deleted Users
  • Trend
  • Events Table