{"id":23296,"date":"2022-06-07T06:45:48","date_gmt":"2022-06-07T10:45:48","guid":{"rendered":"https:\/\/www.eginnovations.com\/blog\/?p=23296"},"modified":"2022-10-11T02:19:14","modified_gmt":"2022-10-11T06:19:14","slug":"auditing-capabilities-in-it-monitoring-tools-for-security-and-compliance","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/auditing-capabilities-in-it-monitoring-tools-for-security-and-compliance\/","title":{"rendered":"Auditing Capabilities in IT Monitoring Tools for Security and Compliance"},"content":{"rendered":"
\n

<\/span>Logging and Auditing in IT Monitoring Tools<\/span><\/h2>\n

It is critical that access to any configuration changes or management actions made to monitoring platforms are logged and traceably audited. In this article, I will help you learn how to discover the auditing capabilities in IT monitoring tools. You will learn how to audit and manage the monitoring platform itself and make sure that it is being used appropriately. In a future article, I intend to focus more on how to leverage and evaluate features in monitoring tools to audit and track configuration changes of the applications and systems they monitor – e.g., auditing the use of scripts and remote control actions<\/a> from the tool and automatically tracking changes such as adding a new hypervisor or server to the infrastructure landscape.<\/p>\n

\"\"As an enterprise monitoring solution, eG Enterprise<\/a> offers a powerful platform to provide unified end-to-end monitoring of applications, infrastructure, and third-party services by leveraging APIs (Application Programming Interfaces) and supported interfaces. As with any monitoring tool, care must also be taken to control permissions and privileges and access to the tool itself to ensure that the deep insights provided are only accessed by the authorized staff in a traceable and auditable manner. Role Based Access Control (RBAC)<\/a> features are a de facto standard for monitoring tools.<\/p>\n

Moreover, it is best practice to ensure proactive auditing detects and eliminates any rogue or malicious operators operating from outside or even from within the organization. Many freeware and entry-level tools are woefully inadequate in this area, failing to even record logins to the monitoring platform let alone configuration changes made to how monitoring is performed or what is to be monitored. Depending on which industry you are in, you may have to comply with industry standards, such as HIPAA, SOX, etc., that may require you to have controls over all the tools you have in place. Auditing is an important way in which you prove compliance with these standards as far as a monitoring tool is concerned.<\/p>\n

The consoles, dashboards and reports associated with a monitoring platform are relied upon by organizations within critical business processes and relied upon by individual employees to perform specific tasks and roles. Uncontrolled or untraceable changes to your monitoring configuration and interfaces can impact on your staff\u2019s work routines and, ultimately, the ability of a business to deliver highly available applications and services to end customers and employees. While auditing is mainly focused on admin changes, you can also use it to track new dashboards or dashboard templates being created or being manipulated.<\/p>\n

Auditing is not just for security. It also helps determine why the monitoring tool is sometimes misbehaving or baselines and frequency of alerts have changed – e.g., if someone changes thresholds incorrectly. Auditing changes can alert you to changes that should not have been made or users who may need additional training and allows the ownership of decisions to be tracked and decisions questioned.<\/p>\n

When evaluating a monitoring platform, you should consider what audit logs are supported, the coverage of the auditing, and how easily you can access and automatically audit the data collected without resorting to manual inspection and parsing of text files. The problem is more severe in a SaaS configuration, where the management console is accessible over the Internet, making it more vulnerable to external attackers.<\/p>\n

<\/span>Top Auditing Features for Monitoring Platforms and Tools<\/span><\/h3>\n
\n

Change configuration and auditing features are now critical features that need to be evaluated when selecting monitoring platforms and tools and any solution adopted in a corporate or regulated environment MUST include:<\/p>\n

    \n
  1. Auditing successful and failed logins to the monitoring platform<\/a><\/li>\n
  2. Auditing configuration changes made to the monitoring platform, including details of previous configurations as well as the new changes<\/a><\/li>\n
  3. Auditing of automated and scripted actions and bulk operations<\/a><\/li>\n
  4. The ability to export audit reports in flexible formats and automate the scheduling audit reporting for compliance<\/a><\/li>\n
  5. Full auditing available regardless of the deployment architecture chosen for eG Enterprise – on-premises, in cloud, and SaaS (Software as a Service) Ready-to-go<\/a><\/li>\n<\/ol>\n<\/div>\n

    <\/span>1. Auditing of Logins to the Monitoring Platform<\/span><\/h3>\n

    A significant failing in many freeware or entry level products is the failure to even log or audit user access to the monitoring product, and for any enterprise-grade organization, this is usually a red flag to adoption because of the compliance implications. eG Enterprise records each and every administrator login and provides out-of-the-box audit reports that allow both proactive monitoring and forensic analysis of user behaviors and actions performed. Failed logins are also audited assisting the detection of many types of malicious attempts to breach security measures.<\/p>\n

    At a minimum for a successful login, data to be captured includes:<\/p>\n