BCA/CJDN Compliance [MNJIS-5002]

EventSentry can help users be compliant with MNJIS-5002 and help secure CJI (criminal justice information). The BCA package contains a number of event log rules that can detect a variety of security incidents including:

• Issues with the Windows audit subsystem
• Lateral movement on the network
• Performance issues
• Port scans initiated from a host
• Excessive failed logons
• Permission changes
• Suspicious network traffic
• User accounts created
• User password changes

It's recommended to tweak some of the filters in this package to reduce false positives, in particular:

• Port Scan Initiated (adjust threshold)
• Security Misc\Object Permission Change (exclude paths)
• Security Misc\Malicious Network Traffic (exclude executables or IP addresses)

es_bca.json

For more security-related features in EventSentry click here.