HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring

The Health Insurance Portability and Accountability Act (HIPAA) Security Audit reports show available documentation and compliance artifacts that help you demonstrate compliance with requirements of the HIPAA Security Rule, as outlined in the HIPAA Audit Protocol.

This report provides login incidents for monitoring and review to help you demonstrate compliance with HIPAA 164.308(a)(5)(ii)(C).

To access the HIPAA 164.308(a)(5)(ii)(C) report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under HIPAA Security Audit, click VIEW.
  4. Click HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring.

The report summary page displays two columns. HIPAA Audit Protocol lists each audit protocol inquiry for testing the selected HIPAA Security Rule requirement. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that this report can generate for each protocol.

This report is composed of four pages, this Summary page, the Log Review Summary page, the Log Review Incidents page, and the Log Management Incidents page. Each page includes filters to specify the scope of the information you need to collect.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that your organization has procedures in place to monitor login attempts and report discrepancies.

In addition, this report includes links for quick access to the Incidents page in the Alert Logic console where auditors can search, observe, and review the details for Log Review and Log Management incidents.

Log Review Summary page

The Log Review Summary page summarizes the daily distribution of login incidents reviewed by Alert Logic analysts. You can use the information on this page to demonstrate that the daily log review process includes manual review of login attempts and discrepancies. You can also click a link for quick access to the Log Review incidents in the Alert Logic console where you can search for and view the details of the incidents.

To generate this report, from the Summary page, click Log Review Summary page. To refine your findings, you can filter this page by date range, customer account, and deployment name.

Status section

This section provides the status counts and percentages of total login incidents that the Alert Logic Security Operations Center (SOC) analysts closed and escalated for the selected period.

Log Review Incidents by Day and Status section

This section provides a stacked histogram chart that displays the daily status counts of total login incidents that the SOC analysts closed and escalated for the selected period.

Log Review Incident Summary Total section

This section displays the total, escalated, and closed login incident counts for each type of log review summary category for the selected period.

For more information about the incidents during the selected period, click the Monthly Log Review Report to be redirected to the Monthly Log Review report. To learn more about the Monthly Log Review report, see Monthly Log Review Report.

Log Review Incidents page

The Log Review Incidents page provides the daily distribution of Log Review incidents related to login attempts. You can use the information on this page to demonstrate that the daily log review process includes manual review of login attempts and discrepancies. You can also click a link for quick access to the Log Review incidents in the Alert Logic console where you can search for and view the details of the incidents.

To generate this report, from the Summary page, click Log Review Incidents page. To refine your findings, you can filter this page by date range and customer account.

Incident Count by Day section

This section provides the daily incident count and the total count for the selected period.

List of Incidents section

The list displays Log Review incidents for the selected filters. The list is organized by customer account, date created, detection source, incident ID, and summary.

Click Search Incidents to be redirected to the Incidents Lists page, which contains more information about the incidents in the selected period.

 

Log Management Incidents page

The Log Management Incidents page provides the daily distribution of Log Management incidents. You can use the information on this page to demonstrate that the daily review process includes an automated review of audit logs and access changes. You can also click the link for quick access to the Log Management incidents in the Alert Logic console where you can search for and view the details of the incidents.

To generate this report, from the Summary page, click Log Management Incidents page. To refine your findings, you can filter this page by date range and customer account.

Incident Count by Day section

This section provides the daily incident count and the total count for the selected period.

Threat Level section

This section displays the incident threat levels, the incident count for each threat level, and the percentage for each incident threat level in a color-coded bar graph in the selected filters. The threat levels are the following:

  • Critical: May represent a successful attack or breach
  • High: Requires immediate attention
  • Medium: Requires closer observation and monitoring
  • Low: Common violations and events
  • Info: No threat detected or used for correlation

Classification section

This section displays the classifications of incidents, the count for each incident classification, and the percentage for each incident classification in a color-coded bar graph in the selected filters.

Incident Type section

This section displays the types of incidents, the count for each incident types, and the percentage for each incident type in a color-coded bar graph in the selected filters.

List of Incidents section

The list displays Log Management incidents for the selected filters. The list is organized by customer account, date created, detection source, incident ID, summary, threat level, classification, and incident type.

Click Search Incidents to be redirected to the Incidents Lists page, which contains more information about the incidents in the selected period.