Laserfiche WebLink
SOLICITATION # CH16012 <br />created events. There are a number of security events as well, including successful login, failed <br />login, security privilege escalation, and viewing of a table. These events can either be monitored <br />manually, generate an Incident based on a parameter or when metric is reached; such as failed <br />logins per minute. <br />The final aspect of logging is the audit history. Audit history may be turned on for any particular <br />table or field. The audit log table then maintains a record of who made changes when to a table or <br />field and what they changed. <br />QTS <br />All account activities are logged including account creation, modification, disabling and <br />termination. Logs are monitored and notifications are sent for abnormal activity. Splunk Enterprise <br />is used as the centralized audit log monitoring tool to centrally collect, analyze and reduce the <br />amount of audit logs. <br />As referenced in IT_PRO_07_Audit_and_Accountability—Procedure (v1.0—1/20/14), on -site <br />network and security operations monitoring coverage and audit management process; to include <br />analysis, reporting, and alerting into a central repository provided by a highly available Splunk <br />logging service. Splunk logging service supports QTS cloud information systems for <br />organizational —wide situation awareness. Splunk provides built-in capabilities to filter, normalize, <br />and correlate the large amounts of data produced by QTS cloud, and then allows QTS's support <br />staff to use Splunk's built-in capabilities to data mine, log mine, and run pre -developed and ad -hoc <br />reports against the result sets obtained during the data and log mining sessions. Logs are centrally <br />correlated and reviewed from devices across QTS cloud Hosting Environment by QTS's Systems <br />Engineer or designee. <br />Specific report categories include: <br />-Authentication and Authorization Reports <br />• Systems and Data Change Reports <br />-Network Activity Reports <br />-Resource Access Reports <br />•Malware Activity Reports <br />-Failure and Critical Error Reports <br />• Vulnerability Correlations Reports <br />-Anti-Port Correlations Reports <br />-Watch List Correlations Reports <br />VMware <br />VMware IaaS Services <br />In accordance with our ISO and SOC commitments, change -related activity, including <br />administrative actions, performed on the management infrastructure layers supporting vCloud Air <br />are monitored and logged to a centralized logging server for a minimum of 1 year. Infrastructure <br />logging is in place for customer interactions with the vCloud Air management and administrative <br />consoles. These logs are only for the management and administrative interfaces. <br />These are not in place for monitoring of individual customer VMs installed within the customer <br />tenant org. Limited logging and activity reporting are available from customer tenant environments, <br />with more detailed reporting, auditing and logging capabilities introduced Q4-2014. <br />VMware AirWatch <br />To enable user accountability, we have full auditing capabilities on all environments in the <br />AirWatch Cloud. Customers can use the built-in event log, customizable dashboards, integrated <br />reporting engine and AirWatch Hub to audit the web console and end -user actions. <br />For the SaaS environment logs, our Information Security Team helps ensure that systems <br />generate audit records containing information that establishes what type of event occurred, when <br />the event occurred, where the event occurred, the source of the event, the outcome of the event, <br />and the identity of any individuals or subjects associated with the event. <br />FireEye <br />FireEye auditing and log review procedures are based on industry best practices and in <br />accordance with regulatory, statutory, contractual and business requirements. Detailed audit <br />carahsoft 75 carahsoft <br />