Event data
Event data is a synonym for an audit trail. Modern computer software applications and IT infrastructure have adopted the term event data in place of audit trail. Events are typically recorded in logs, and there is no standard format for event data.
Examples of this newer term being used to describe audit trails are becoming more common; it appears, for instance, in the documentation of the Microsoft Event Viewer, which provides visibility into events in the following logs: Application log, Security log, System log, Directory Service log, File Replication Service log and DNS Server log. http://technet2.microsoft.com/WindowsServer/f/?en/library/0cc21369-d815-40ad-8325-97e3762107b91033.mspx
Definition
Event data records are created whenever a transaction of some kind occurs. They are generated at an extremely granular level by business applications, IT infrastructure and security systems. Almost any record that is created to document a transaction and affixed with a timestamp meets the definition of event data. Note that the timestamp is the time at which the event was recorded by a computer, which is not necessarily the time of the event itself.
On its own, the content of an event data record is extremely crude and often meaningless unless it is correlated with other event data records.
Examples include business applications such as SAP ERP, Oracle Database, Internet Information Services (IIS) and thousands of others.
Examples of IT infrastructure include servers, internetworking devices manufactured by Cisco and others, telecommunication switches, storage area networks (SANs) and message queues between systems.
Examples of security systems range from authentication services such as LDAP directories and IBM's RACF to intrusion detection systems (IDS) and other security controls.
A typical organization will have hundreds of sources of event records.
A single business transaction, such as withdrawing cash from an automated teller machine (ATM) or a customer placing an order, will generate several hundred event data records in dozens of federated log files. It is not uncommon for organizations to generate terabytes of event data every day.
Retaining event data records, and being able to inspect them quickly, has become a necessity for detecting suspicious activity, insider threats and other security breaches.
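The following is an added example, not part of the original article, that shows what "no standard format" and "meaningless unless correlated" look like in practice. Three constructed log fragments (an IIS W3C extended log, a syslog-style sshd log and an application emitting one JSON object per line) are normalised to a single record type, and one detection rule is run first over each source alone and then over the merged records. The log lines, host names, addresses and user names are constructed for illustration; the syslog lines carry no year and no time zone, so the parser takes the year from the caller and assumes UTC, and the W3C log is treated as UTC, which is that format's default.

```python
# Added example, not part of the original article: normalise three unrelated log
# formats to one record type and correlate them. All sample data is constructed.
import json
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample sources with different layouts: W3C extended log with a
# #Fields directive, BSD syslog with no year or zone, and one JSON object per line.
IIS_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-04-13 10:02:01 203.0.113.7 POST /login 401
2006-04-13 10:02:03 203.0.113.7 POST /login 401
2006-04-13 10:02:04 203.0.113.7 POST /login 401
2006-04-13 10:02:09 203.0.113.7 POST /login 200
2006-04-13 10:05:00 198.51.100.2 GET /index.html 200
"""
AUTH_LOG = """Apr 13 10:02:02 web01 sshd[4120]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Apr 13 10:02:05 web01 sshd[4120]: Failed password for alice from 203.0.113.7 port 51023 ssh2
Apr 13 10:40:11 web01 sshd[4301]: Accepted password for bob from 198.51.100.2 port 40010 ssh2
"""
APP_LOG = """{"ts": "2006-04-13T10:02:10Z", "event": "order.placed", "user": "alice", "src_ip": "203.0.113.7"}
{"ts": "2006-04-13T10:41:00Z", "event": "order.placed", "user": "bob", "src_ip": "198.51.100.2"}
"""


@dataclass(frozen=True)
class Event:
    ts: datetime    # time the record was written by the logging host, in UTC
    source: str     # which log produced the record
    actor: str      # client IP address, used here as the correlation key
    action: str     # what the record says happened
    failed: bool    # True for a rejected request or failed login


def parse_iis(text):
    """W3C extended log: the #Fields directive names the columns; times are UTC."""
    fields, events = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            events.append(Event(ts.replace(tzinfo=timezone.utc), "iis", rec["c-ip"],
                                rec["cs-method"] + " " + rec["cs-uri-stem"],
                                rec["sc-status"] in ("401", "403")))
    return events


SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+) port")


def parse_syslog(text, year=2006):
    """BSD syslog has no year or zone: the caller supplies the year, UTC is assumed."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
            events.append(Event(ts.replace(tzinfo=timezone.utc), "sshd", m["ip"],
                                "ssh login " + m["user"], m["result"] == "Failed"))
    return events


def parse_json_lines(text):
    """Application log: one JSON object per line with an ISO 8601 'Z' timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
            events.append(Event(ts, "app", rec["src_ip"], rec["event"], False))
    return events


def detect(events, window=timedelta(seconds=60), threshold=4):
    """Flag a success preceded by at least `threshold` failures from the same actor
    within `window`, counting failures from every source together."""
    by_actor = defaultdict(list)
    for ev in events:
        by_actor[ev.actor].append(ev)
    alerts = []
    for actor, evs in by_actor.items():
        recent = deque()                       # failure timestamps still inside the window
        for ev in sorted(evs, key=lambda e: e.ts):
            while recent and ev.ts - recent[0] > window:
                recent.popleft()
            if ev.failed:
                recent.append(ev.ts)
            elif len(recent) >= threshold:
                alerts.append((actor, len(recent), ev.source, ev.action, ev.ts))
                recent.clear()                 # report each burst once
    return alerts


def all_events():
    """Merge the three sources into one stream of normalised records."""
    return parse_iis(IIS_LOG) + parse_syslog(AUTH_LOG) + parse_json_lines(APP_LOG)
```

Run over each source alone the rule never fires: the IIS log holds three failures and the sshd log two, both below the threshold of four. Run over the merged records it fires once, with five failures from 203.0.113.7 in the minute before the successful web login. In production the correlation key would usually be a session or transaction identifier carried across the logs rather than a client address, and the clocks of the sources would have to be synchronised for the time window to mean anything, since each record carries the time its own host wrote it.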
Regulatory compliance implications
Since the passage of the Sarbanes-Oxley Act of 2002 and other regulatory compliance mandates, retention of event data has become a requirement for passing audits. http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.2.aspx
EU Data Retention Directive implications
Legislation aimed at combating terrorism, such as the EU Data Retention Directive, which the European Union says is necessary to help fight terrorism and organized crime, was passed by justice ministers in Brussels in 2006. Internet service providers and fixed-line and mobile operators are now required to keep details of their customers' communications for up to two years.
Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of the communications will not be recorded. Service providers have to bear the cost of the storage themselves.
EU countries have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004. http://www.ispai.ie/DR%20as%20published%20OJ%2013-04-06.pdf