Available on Apple, Android, Windows

Security Incident Critical Log Review Checklist Mobile App

Use the Security Incident Critical Log Review Checklist app to review critical logs when responding to a security incident. The app can also be used for routine log review. Best of all, the security incident report template is fully customizable, so you can add any other security-incident-related topics to the app. These may include security breaches, security events, security incident response, incident response plans, and more.

The submitted incident logs are automatically emailed to you and saved to the Cloud, making it easy for you to keep all of your incident logs in one place to streamline your incident management and incident response process.

Included Fields

Customize to add, remove, or edit any of the fields below.

  • Identify which log sources and automated tools you can use during the analysis.
  • Copy log records to a single location where you will be able to review them.
  • Minimize “noise” by removing routine, repetitive log entries from view after confirming that the...
  • Determine whether you can rely on logs’ time stamps; consider time zone differences.
  • Focus on recent changes, failures, errors, status changes, access and administration events, and...
  • Go backwards in time from now to reconstruct actions after and before the incident.
  • Correlate activities across different logs to get a comprehensive picture.
  • Develop theories about what occurred; explore logs to confirm or disprove them.
  • Server and workstation operating system logs
  • Application logs (e.
  • Security tool logs (e.
  • Outbound proxy logs and end-user application logs
  • Remember to consider other, non-log sources for security events.
  • Linux OS and core applications: /var/log
  • Windows OS and core applications: Windows Event Log (Security, System, Application)
  • Network devices: usually logged via Syslog; some use proprietary locations and formats
  • Successful user login: “Accepted password”, “Accepted publickey”, “session opened”
  • Failed user login: “authentication failure”, “failed password”
  • User log-off: “session closed”
  • User account change or deletion: “password changed”, “new user”, “delete user”
  • Sudo actions: “sudo: … COMMAND=…”, “FAILED su”
  • Service failure: “failed” or “failure”
  • Event IDs are listed below for Windows 2000/XP.
  • Most of the events below are in the Security log; many are only logged on the domain controller.
  • User logon/logoff events: successful logon 528, 540; failed logon 529-537, 539; logoff 538, 551, etc.
  • User account changes: created 624; enabled 626; changed 642; disabled 629; deleted 630
  • Password changes: to self 628; to others 627
  • Service started or stopped: 7035, 7036, etc.
