The Sarbanes-Oxley Act (SOX) is a law passed by the United States Congress in response to corporate financial scandals. Although the law mainly focuses on financial reporting and accountability, some requirements within the regulation mandate cybersecurity guidelines.
Link to SOX documentation: https://www.sec.gov/files/rules/proposed/s74002/card941503.pdf
Link to download SOX content pack: https://cortex.marketplace.pan.dev/marketplace/details/XSIAMCompliance_SOX/
SOX | Widget Name | Description |
---|---|---|
SOX Section 302: Access Control | Access Control | Implement policies and procedures to monitor access to systems. Use this widget to query login events. |
SOX 302: Configuration Management | Policy/Config Management | Implement policies and procedures to monitor and maintain secure configurations. Use this widget to query host application versions. |
SOX 302: Incident Response | Threat Protection/Incident Response | Implement policies and procedures to detect, respond to, and recover from security incidents. Use this widget to query incidents. |
SOX Section 302.5.A - 302.5.B: Detect Security Breaches | Continuous Monitoring | Implement policies and procedures to assess, authorize, and monitor systems. Use this widget to query RDP and SMB access. |
SOX 302: Audit and Accountability | Audit Controls | Implement policies and procedures to monitor, record, and review system activities. Use this widget to query Active Directory information. |
SOX Section 302: Track Data Access | PII/PHI/Data Access | Implement policies and procedures to limit access to PII. Use this widget to query outbound requests. |
Requirements
This compliance pack pulls information from Cortex XSIAM that has been ingested and mapped to the following data sources. For the dashboards and reports to function properly, it is important that these sources have ingested data.
V1 required data source(s): XDM
V2 required data source(s): xdr_data, host_inventory, endpoints, incidents, pan_ngfw_traffic_raw