sales@trestlenetworks.com 720.446.0125

Log Collection & Retention Services

Failure to retain key infrastructure logs can result in both compliance fines and gaps in your security posture. Trestle Networks’ Log Collection & Retention Services are essential for meeting the compliance and short/long-term security requirements for your business.

Key Features

●      Syslog-based event collection for applications, servers, endpoints, firewalls, switches, Wi-Fi access points and other infrastructure

●      366-day retention in US-based Azure cloud storage

●      Meets compliance requirements described in multiple compliance standards including CJIS, HIPAA and PCI-DSS

●      Integrates with separately purchased Managed Network Services for real-time monitoring of network infrastructure login attempts and specific forwarded traffic

●      Retrieval and analysis of log events, as requested

HIPAA

WHAT YOU MUST LOG

  • Access to ePHI (logons/logoffs, file access)

  • Changes to user privileges or system security settings

  • Audit log enable/disable actions

  • Any detectable security events

MINIMUM RETENTION PERIOD

  • 6 years (federal baseline; longer if required by state law or contract) 

REVIEW & MONITORING REQUIREMENTS

  • Periodic review of system activity logs (frequency based on risk analysis)


PCI-DSS 3.2

WHAT YOU MUST LOG

  • Individual user access to cardholder data

  • Actions by privileged/root users

  • Invalid access attempts

  • Use of audit log functions

  • Creation/deletion of system objects

  • Security event changes (e.g., firewall rules, IDS config)

MINIMUM RETENTION PERIOD

  • 1 year

  • With at least 3 months immediately available online

REVIEW & MONITORING REQUIREMENTS

  • Daily review (automated tools permitted) of logs from all in-scope systems and critical security components


CJIS

WHAT YOU MUST LOG

  • User logons/logoffs

  • Privileged operations

  • Changes to access controls or security configurations

  • All defined auditable events on systems handling CJI

MINIMUM RETENTION PERIOD

  • Minimum 1 year (longer if required by agency policy or statute)

REVIEW & MONITORING REQUIREMENTS

  • Periodic review (frequency defined by agency risk assessment)

  • Real-time alerting for certain events