Use Case Reports Catalogue

The GSOC will produce a series of reports based on the use cases defined above. The reports can be consumed by both the technical teams and the management teams. The reports for a few of the use cases are listed below to illustrate the nature of the reports.

Tracking User Authentication
- Login failures summary
- User session terminated summary
- Password changes detail
- Accounts created
- Accounts modified
- Accounts deleted
- Accounts disabled
Privileged user monitoring
- User session terminated summary
- User access revoked
- Accounts created
- Accounts deleted
- Outbound network traffic
- Host/Firewall configuration changes
- System clock synchronisation
- Firewall configuration changes
- Firmware changes on wireless devices
- Change in audit settings
Tracking System Changes
- Host configuration changes
- System clock synchronisation
- Firewall configuration changes
- Firmware changes on devices
- Change in audit settings
- Accounts created
- Accounts modified
- Accounts deleted
- Accounts disabled
Malware or Botnet
- Configuration Changes
- Outbound connection to known Command and Control Centres
- Inbound connection to known Command and Control Centres
Monitoring user privileges and activities
- Failed escalation of privileges
- Successful escalation of privileges detailed
Cross Organisation Events
- Number of Cross Organisation events identified
- Nature of Cross Organisation incidents identified