Hi everyone,
Is there an option to implement reporting rules aligned with best practices such as NIS2 (e.g., for monitoring privileged account activities, particularly root/admin/administrator accounts)?
For example, a quarterly report covering reviews carried out by SEC teams, including verification of assigned permissions to these consoles and root/admin accounts.
Dear support team, do such rules exist in Energylog Server? If so, where can I find them and how can I configure such alerts?
• logins at unusual hours (e.g., at night),
• granting new permissions / privileges,
• verification whether privileged accounts have MFA enabled,
• logins from unusual or similar geolocations,
• attempts to delete logs from inventoried consoles,
• use of root accounts instead of named accounts (if applicable),
• privilege escalation (e.g., switching from a standard account to admin/root).
Or are there other alerts that could also help in this area?
Thank you for all your help.
