Why you need log management and Incident monitoring
The Indian Computer Emergency Response Team (CERT-In) has announced mandatory new cyber security guidelines on 28 April 2022 for all service providers, intermediaries, data centres, body corporate and Government organizations . The failure to furnish the information or non-compliance with the ibid. directions, may invite punitive action under sub-section (7) of the section 70B of the IT Act, 2000 and other laws as applicable.
180-day log retention
All service providers, intermediaries, data centers, body corporates and Government organizations are mandated to enable the logs of all their ICT systems and maintain them securely for a rolling period of 180 days. Indian jurisdiction will maintain the same.
 Typical security relevant data sources
| Security infrastructure | Server Infrastructure |
|---|---|
| Endpoint protection (EDR, AV) | Windows server |
| Firewalls | Linux server |
| Active Directory | Web server |
| Web Proxy | DNS server |
| Network IDS / IPS | IaaS |
| Authentication | AWS |
| DLP solution | Azure |
| Network Infrastructure | GCP |
| Routers (via syslog server) | |
| Switches (via syslog server) |
| Security infrastructure |
|---|
| Endpoint protection (EDR, AV) |
| Firewalls |
| Active Directory |
| Web Proxy |
| Network IDS / IPS |
| Authentication |
| DLP solution |
| Network Infrastructure |
| Routers (via syslog server) |
| Switches (via syslog server) |
| Server Infrastructure |
| Windows server |
| Linux server |
| Web server |
| DNS server |
| IaaS |
| AWS |
| Azure |
| GCP |
6-hour reporting of cybersecurity events
Any service provider, intermediary, data centre, body corporate and Government organization shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents.
Incidents Mandatory to Report
| Types of cyber security incidents mandatorily to be reported |
|---|
| Targeted scanning/probing of critical networks/systems |
| Compromise of critical systems/information |
| Unauthorised access of IT systems/data |
| Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc. |
| Attack on servers such as Database, Mail and DNS and network devices such as Routers |
| Identity Theft, spoofing and phishing attacks |
| Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks |
| Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks |
| Attacks on Application such as E-Governance, E-Commerce etc. |
| Data Breach |
| Data Leak |
| Attacks on Internet of Things (IoT) devices and associated systems,networks, software, servers |
| Attacks or incident affecting Digital Payment systems |
| Unauthorised access to social media accounts |
| Attacks or malicious/ suspicious activities affecting Cloud computing systems/servers/software/applications |
| Attacks or malicious/suspicious activities affecting systems/ servers/networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones |
| Attacks or malicious/ suspicious activities affecting systems/servers/software/ applications related to Artificial Intelligence and Machine Learning |
| Types of cyber security incidents mandatorily to be reported |
|---|
| Targeted scanning/probing of critical networks/systems |
| Compromise of critical systems/information |
| Unauthorised access of IT systems/data |
| Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc. |
| Attack on servers such as Database, Mail and DNS and network devices such as Routers |
| Identity Theft, spoofing and phishing attacks |
| Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks |
| Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks |
| Attacks on Application such as E-Governance, E-Commerce etc. |
| Data Breach |
| Data Leak |
| Attacks on Internet of Things (IoT) devices and associated systems,networks, software, servers |
| Attacks or incident affecting Digital Payment systems |
| Unauthorised access to social media accounts |
| Attacks or malicious/ suspicious activities affecting Cloud computing systems/servers/software/applications |
| Attacks or malicious/suspicious activities affecting systems/ servers/networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones |
| Attacks or malicious/ suspicious activities affecting systems/servers/software/ applications related to Artificial Intelligence and Machine Learning |
Our Offerings
Accounts
Free Trial
Projects
Essentials
Log Management
Meet the 180-day rolling logs requirement
· Leverage a Gartner leading platform, utilized by 90+ customers of the global Fortune 500
· Take advantage of flexible deployment options (on-premise or SaaS)
· Attractive pricing to fit your budget
· Fast time to value: Be compliant in as soon as 2-3 weeks
Advanced
Log Management + Security Analytics
Meet the incident monitoring requirement
Everything in Essential, plus:
· Deploy robust security rules to operate on integrated log data
· Generate alerts and notifications in case of potential incidents
· Leverage powerful dashboarding and querying capabilities for investigation
· Make use of integrated ticketing capabilities for incident management
Premium
Log Management + Security Analytics + IT Operations Analytics (ITOA)
Get maximal ROI on log management investment
Everything in Advanced, plus:
· Deploy Windows / Linux server monitoring use cases
· Deploy app / web / database server monitoring use cases
· Deploy network device monitoring use cases
· Deploy AWS / Azure / GCP monitoring use cases, and much more
Solutions Screenprints
