EventSentry helps users comply with MNJIS-5002 and helps secure CJI (criminal justice information). The BCA package contains a number of event log rules that detect a variety of security incidents, including:
- Issues with the Windows audit subsystem
- Lateral movement on the network
- Performance issues
- Port scans initiated from a host
- Excessive failed logons
- Permission changes
- Suspicious network traffic
- User accounts created
- User password changes
Some of the filters in this package should be tuned to the environment to reduce false positives, in particular:
- Port Scan Initiated (adjust threshold)
- Security Misc\Object Permission Change (exclude paths)
- Security Misc\Malicious Network Traffic (exclude executables or IP addresses)
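The following is an added example, written for this page and not EventSentry's own rule logic, of why the threshold and exclusion settings above matter. It runs two threshold-style detections of the kind listed (excessive failed logons, and many distinct destination ports from one process, a port-scan heuristic) over constructed Windows Security events. Event IDs 4625 and 5156 are real, but the field names, executable paths, IP addresses and timing are all constructed samples, and the thresholds are illustrative defaults, not the package's values.

```python
"""Threshold-based detections with tunable thresholds and exclusions.

Added example, not EventSentry code. Event ID 4625 (failed logon) and
5156 (permitted network connection) are real Windows Security events;
every field name and sample value below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 8, 0, 0)
SAMPLE_EVENTS = []  # list of (timestamp, event_id, fields)

# Six failed logons from one source within two minutes: a guessing pattern.
for i in range(6):
    SAMPLE_EVENTS.append((BASE + timedelta(seconds=20 * i), 4625,
                          {"TargetUserName": "jdoe", "IpAddress": "10.0.0.5"}))

# Two failed logons from another source an hour apart: ordinary typos.
for offset in (timedelta(0), timedelta(hours=1)):
    SAMPLE_EVENTS.append((BASE + offset, 4625,
                          {"TargetUserName": "asmith", "IpAddress": "10.0.0.9"}))

# One process touching 12 distinct ports on a host (scan-like), and a backup
# agent that legitimately does the same and should be excluded by the admin.
for port in range(1, 13):
    SAMPLE_EVENTS.append((BASE + timedelta(seconds=port), 5156,
                          {"Application": r"C:\tools\scan.exe", "SourceAddress": "10.0.0.7",
                           "DestAddress": "10.0.0.20", "DestPort": port}))
for port in range(9000, 9012):
    SAMPLE_EVENTS.append((BASE + timedelta(seconds=port), 5156,
                          {"Application": r"C:\Program Files\backup\backup.exe",
                           "SourceAddress": "10.0.0.8", "DestAddress": "10.0.0.21",
                           "DestPort": port}))


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return source IPs with at least `threshold` 4625 events inside any `window`."""
    by_source = defaultdict(list)
    for ts, event_id, fields in events:
        if event_id == 4625:
            by_source[fields["IpAddress"]].append(ts)
    hits = set()
    for src, times in by_source.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):  # sliding window over sorted timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.add(src)
                break
    return hits


def port_scan_sources(events, threshold=10, excluded_exes=(), excluded_ips=()):
    """Return (application, source IP) pairs that reached >= `threshold` distinct
    destination ports, skipping excluded executables (by file name) and source IPs."""
    excluded = {e.lower() for e in excluded_exes}
    ports = defaultdict(set)
    for _, event_id, fields in events:
        if event_id != 5156:
            continue
        app, src = fields["Application"], fields["SourceAddress"]
        exe_name = app.rsplit("\\", 1)[-1].lower()  # Windows path, split on backslash
        if exe_name in excluded or src in excluded_ips:
            continue
        ports[(app, src)].add(fields["DestPort"])
    return {key for key, seen in ports.items() if len(seen) >= threshold}


if __name__ == "__main__":
    print("failed-logon bursts:", failed_logon_bursts(SAMPLE_EVENTS))
    print("untuned scan hits:", port_scan_sources(SAMPLE_EVENTS))
    print("tuned scan hits:", port_scan_sources(SAMPLE_EVENTS, excluded_exes=("backup.exe",)))
```

With the default threshold the backup agent shows up as a port scan alongside the scanner; adding its executable to the exclusion list removes that false positive while the real hit remains, which is the same trade-off the tuning recommendations above describe. Lowering the failed-logon threshold without widening the window still does not flag the two typos an hour apart, showing that the window and the count must be tuned together.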
For more security-related features in EventSentry click here.