NFS Raw Events Compliancy

spellluck
Level 1

Does anyone know if the Raw Events saved to the NFS server are PCI and/or Sarbanes-Oxley compliant?

1 Reply

mhellman
Level 7

I don't know how specific the actual requirements are (I doubt SOX is very specific). Some systems produce binary logs (e.g. Windows, Checkpoint), so "raw message" is not always as cut-and-dried as it seems. Most syslog and SNMP raw messages closely (exactly?) resemble the original message. Anything that is not syslog/SNMP is more suspect. Checkpoints are better, but still not the same as what I see using the Checkpoint tools, for example. The Cisco IPS devices now show up as XML and perhaps mirror exactly what was returned from the sensor. You'd want to carefully test every device you anticipate reporting into MARS.
