North American Electric Reliability Corporation (NERC) Compliance Content Pack

Overview

Many organizations are subject to regulations that mandate the collection and analysis of specific types of events for detecting and responding to suspicious activity. This content pack supports and simplifies your organization's efforts to meet NERC compliance requirements, enabling visibility into your compliance status and ensuring accurate reporting for audits.

Content Pack Components

Views
  • CIP-002 (Folder)
    • NERC - Critical Assets High Severity Event
  • CIP-003 (Folder)
    • NERC - Accessed Port Summary - Outbound
    • NERC - Account Lockouts
    • NERC - Account Management
    • NERC - Admin User Account Changes
    • NERC - Admin User Login Failure
    • NERC - Admin User Login Success
    • NERC - All Application Logins
    • NERC - All Database Logins
    • NERC - All Domain Account Logon Events
    • NERC - All Domain Acct Logon Failures
    • NERC - All Domain Acct Logon Successes
    • NERC - All Network Device Logins
    • NERC - All OS Logins
    • NERC - All Policy Changes
    • NERC - All Security Device Logins
    • NERC - All VPN Logins
    • NERC - Application Configuration Changes
    • NERC - Audit Policy Changes
    • NERC - Change Event Summary
    • NERC - Cisco Configuration Changes
    • NERC - Critical Authentication Issues
    • NERC - Critical System Changes
    • NERC - Domain Admin Account Logon Failures
    • NERC - Domain Admin Account Logon Success
    • NERC - Domain Admins-Admin Grp Acct Chg
    • NERC - Domain Admins-Admin Grp Chg
    • NERC - Domain Trust Rel Policy Changes
    • NERC - Host-Based IDS Report -Whitelisting
    • NERC - Local Login Failures
    • NERC - Local Login Success
    • NERC - Login Failures
    • NERC - Login Success
    • NERC - Logon Logoff Summary
    • NERC - Network Device Configuration Change
    • NERC - Network Login Failures
    • NERC - Network Login Success
    • NERC - Oracle Logons
    • NERC - Oracle Privileged Logons
    • NERC - Security Device Config Changes
    • NERC - Server Desktop Account Lockouts
    • NERC - Server Desktop Admin Acct Logon Fail
    • NERC - Server Desktop All Logon Failures
    • NERC - Server Desktop All Logon Logoff Events
    • NERC - Server Desktop Logon Logoff Success
    • NERC - System Configuration Changes
    • NERC - Terminal Server Logon Logoff Success
    • NERC - Terminal Server Session Discon-Recon
    • NERC - User Account Creation or Deletion
    • NERC - User Account Lockouts
    • NERC - User Account Password Changes
    • NERC - User Rights Policy Changes
    • NERC - Win Privileged Interactive Logons
    • NERC - Win Privileged Network Logons
    • NERC - Win Privileged Service Logons
    • NERC - Windows Audit Policy Changes
    • NERC - Windows Interactive Logons
    • NERC - Windows Network Logons
    • NERC - Windows Service Logons
  • CIP-004 (Folder)
    • NERC - Password Changes and Resets
    • NERC - User Account Created
    • NERC - User Accounts Modified
    • NERC - User Groups Added
    • NERC - User Groups Modified
  • CIP-005 (Folder)
    • NERC - Accessed Port Summary - Inbound
    • NERC - Accessed Port Summary - Out Deny
    • NERC - Allowed Inbound Port Summary
    • NERC - Allowed Outbound Connections
    • NERC - Asset Vulnerability Summary
    • NERC - Asset Vulnerability with Severity
    • NERC - Denied Outbound Connections
    • NERC - Monitoring Electronic Access
    • NERC - Most Frequent Vulnerabilities
    • NERC - Open Ports Summary
    • NERC - Password Guessing Events
    • NERC - Ports and Services Discovery
    • NERC - Top Vulnerability Categories
    • NERC - Top Vulnerable Assets
    • NERC - Vulnerabilities and Events
  • CIP-006 (Folder)
    • NERC - Local Login Failure
    • NERC - Local Login Successes
  • CIP-007 (Folder)
    • NERC - Abnormal System Shutdown
    • NERC - Account Sharing Summary
    • NERC - Administrator Access Summary
    • NERC - Allowed Connections Suspicious Port
    • NERC - Anti-malware Deployed
    • NERC - Anti-malware Process Stopped
    • NERC - Anti-malware Protection Disabled
    • NERC - Anti-malware Protection Events
    • NERC - Anti-malware Scan Summary
    • NERC - Anti-malware Update Failure
    • NERC - Anti-malware Update Success
    • NERC - Automatic Updates Disabled
    • NERC - Critical Anti-malware Issues
    • NERC - Event Type Summary
    • NERC - Host-Based IDS Report - CoreTrace
    • NERC - Hosts with the Most Malware
    • NERC - Hosts without Malware Protection
    • NERC - Malicious Software Prevention
    • NERC - Patch Failed to Install
    • NERC - Patch Update-Success
    • NERC - System Restarts
    • NERC - System Shutdowns
    • NERC - Top Malware Types Detected
    • NERC - User Account Access Summary
    • NERC - User Account Deleted
    • NERC - User Account Disabled
    • NERC - User Account Password Actions
    • NERC - User Account Privileges Modified
    • NERC - User Group Privileges Modified
  • CIP-009 (Folder)
    • NERC - Backup Initiated

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register for Free Trial