Medium

Available on

Apple Android Windows

Security Incident Critical Log Review Checklist Mobile App

Use the Security Incident Critical Log Review Checklist app for reviewing critical logs when responding to a security incident. This security incident app can also be used for routine log review. Best of all, the security incident report template is fully customizable so that you can include any additional security incident related topics into the app. This may include topics such as security breaches, security events, security incident response, incident response plans, and more.

The submitted incident logs are automatically emailed to you and saved to the Cloud, making it easy for you to keep all of your incident logs in one place to streamline your incident management and incident response process.

  • Lendlease
  • The Cooperative
  • PG&E
  • oxy
  • Red Bull
  • Mirvac

Want to learn more about GoCanvas?

Request a Demo

Take a peek inside the Security Incident Critical Log Review Checklist Mobile App

Included Features

Our App Builder gives you the power to easily add and remove the ones you want. {{controller.show_all ? 'See included features.' : 'See more features.'}}

  • {{data.title}}

Included Fields

Customize to add, remove, or edit any of the fields below.

  • Ico checkbox

    Identify which log sources and automated tools you can use during the analysis.

  • Ico checkbox

    Copy log records to a single location where you will be able to review them.

  • Ico checkbox

    Minimize “noise” by removing routine, repetitive log entries from view after confirming that the...

  • Ico checkbox

    Determine whether you can rely on logs’ time stamps; consider time zone differences.

  • Ico checkbox

    Focus on recent changes, failures, errors, status changes, access and administration events, and...

  • Ico checkbox

    Go backwards in time from now to reconstruct actions after and before the incident.

  • Ico checkbox

    Correlate activities across different logs to get a comprehensive picture.

  • Ico checkbox

    Develop theories about what occurred; explore logs to confirm or disprove them.

  • Ico checkbox

    Server and workstation operating system logs

  • Ico checkbox

    Application logs (e.

  • Ico checkbox

    Security tool logs (e.

  • Ico checkbox

    Outbound proxy logs and end-user application logs

  • Ico checkbox

    Remember to consider other, non-log sources for security events.

  • Ico checkbox

    Linux OS and core applications: /var/log

  • Ico checkbox

    Windows OS and core applications: Windows Event Log (Security, System, Application)

  • Ico checkbox

    Network devices: usually logged via Syslog; some use proprietary locations and formats

  • Ico checkbox

    Successful user login “Accepted password”, “Accepted publickey”, "session opened”

  • Ico checkbox

    Failed user login “authentication failure”, “failed password”

  • Ico checkbox

    User log-off “session closed”

  • Ico checkbox

    User account change or deletion “password changed”, “new user”, “delete user”

  • Ico checkbox

    Sudo actions “sudo: … COMMAND=…” “FAILED su”

  • Ico checkbox

    Service failure “failed” or “failure”

  • Ico checkbox

    Event IDs are listed below for Windows 2000/XP.

  • Ico checkbox

    Most of the events below are in the Security log; many are only logged on the domain controller

  • Ico checkbox

    User logon/logoff events Successful logon 528, 540; failed logon 529-537, 539; logoff 538, 551, etc

  • Ico checkbox

    User account changes Created 624; enabled 626; changed 642; disabled 629; deleted 630

  • Ico checkbox

    Password changes To self: 628; to others: 627

  • Ico checkbox

    Service started or stopped 7035, 7036, etc.

  • ...and More!

Related Other Services Apps... and they're all free for GoCanvas subscribers!

App Name

Security Audit: General Assessment

The Security Audit: General Assessment mobile app offers a helpful checklist for conducting business and home security aud...

App Name

Airport Security Badge Application

The Airport Security Badge Application mobile app allows airport personnel to complete and submit a security badge applica...

App Name

Security Record Business Valuables

It is very important to keep a written record of your valuables. A business inventory can be very helpful in cases of thef...

App Name

Physical Vulnerability Survey

This Physical Vulnerability Survey Mobile App assists risk assessment practices through including questions pertaining to ...

App Name

Financial Controls Checklist

Working in a finance management position? Management professionals use financial statements, management assessment and bud...

App Name

Security Audit: Property Controls

The Security Audit: Property Controls mobile app is part of a security assessment. The app can be completed as a self insp...

App Name

Security Guard Daily Log Form

The Security Guard Daily Log Form is a fast and easy way for security personnel to log daily activities and incidents with...

App Name

Security Audit: Vehicle Control

The Security Audit: Vehicle Control mobile app is part of a security assessment. The app can be completed as a self inspec...

More Information