Browse Prior Art Database

Audit trail logs discovery and tracking

IP.com Disclosure Number: IPCOM000243690D
Publication Date: 2015-Oct-13
Document File: 3 page(s) / 42K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to detect and track audit trails information e.g. logs by Software Asset Management Tool

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

Audit trail logs discovery and tracking

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle credit cards.

There are products that determine if the level of compliance with PCI, as well as PCI requirements are met in Customer environment.

One of PCI rules requires audit trail of all security relevant logs. These are logs from i.e. IBM WebSphere which have accounting software deployed or from IBM DB2 which keeps credit cards records.

More: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf Requirement 10: Track and monitor all access to network resources and cardholder data

The currently known solutions allows to manually define software name and logs location on a given server or group of servers. This approach is limited to:
1. Time consuming effort to keep all logs locations for with all deployment / configuration changes that happens on environment (effort increases higher for dynamic virtualized env)

2. Lack of correlation of planned IT changes in infrastructure (i.e. change of log directory to new file system)

3. Troublesome to keep all logs location up-to-date

The disclosed idea address above limitation by introducing novel approach to discover audit logs based on correlation with software discovery.

In disclosed idea we utilize the fact that every installed software location is correlated

with information about place where logs are stored. This information depends on deployment methods, software configuration or environment specific policies.

This disclosure presents novel approach for audit logs discovery based on correlation of software discovery rules with audit logs finding procedures that provides reliable and accurate audit trail logs tracking.

The system contains elements:
1. Agent's audit logs finding scanner which correlates software discovery scan rules

with procedures for audit logs finding

2. Server's knowledge base of software discovery rules and correlated audit logs finding procedure

3. Server's interface that allows to import official vendor served rules with procedures catalog or define custom rules/procedures for internal software audit logs finding

Steps:
1. Agent's performs software discovery scan and finds newly installed software on file

system
i.e.

ServerSoftware under /opt/IBM/ServerSoftware

1


Page 02 of 3

2. Agent requests for audit logs finding procedures which are correlated to found software. Server send to agent audit logs finding procedures
i.e.

ServerSoftware discovery rule

<param name="INSTALL_PATH" />

open INSTALL_PATH subdirectory...