Security Event Log definition
Security Event Log means any event, notification or alert that a device, system or software is technically capable of producing in relation to its status, functions and activities. Security Event Logs are not limited to security devices, but are applicable to all devices, systems and software that are technically capable of producing event logs that can be used in security investigations, auditing and monitoring. Examples of systems that can produce security event logs include, but are not limited to: firewalls, intrusion prevention systems, routers, switches, content filtering, network traffic flow logs, network, authentication services, directory services, DHCP, DNS, hardware platforms, virtualization platforms, servers, operating systems, web servers, databases, applications, application/layer 7 firewalls.
Security Event Log means a system that Logs, e.g., access or attempted access to systems, resources and data (including personal data); changes to system configuration and policies; use of privileges or utility programs and applications; files accessed or deleted; alarms raised by the access control system; activation and deactivation of security systems; account management events; system errors and warnings; restart or shutdown of an application or system itself; or any other significant action that could impact security.
Security Event Log means event logs that can be used in security, auditing or monitoring and can give rise to a security incident, information incident or security investigation. For clarity, Security Event Logs are not limited to those generated by security devices, but are those generated by all devices, systems and software that are technically capable of producing event logs that can be used in security investigations, auditing and monitoring. The guiding principle for Security Event Logs is the mandatory enablement of logging to ensure post determination of what identity performed what action, when, and from where (IP address).