ArcSight Report Listing

Compliance Insight Package – PCI Reports

PCI - VPN Configuration Changes
PCI - Untrusted System Activity to Cardholder Systems
PCI - Open Ports by Device
PCI - Network Equipment Configuration Changes
PCI - Firewall Configuration Changes
PCI - Disallowed Ports - Untrusted to DMZ
PCI - Disallowed Ports - DMZ to Cardholder Data
PCI - Cardholder System Activity to Untrusted Systems
PCI - Vulnerabilities - For All Assets
PCI - Top PCI Suspicious of Insecure Transmissions
PCI - Separation of Services - Web Services - Scanner
PCI - Separation of Services - Web Services
PCI - Separation of Services - Database Services - Scanner
PCI - Separation of Services - Database Services
PCI - Separation of Services - DNS Services - Scanner
PCI - Separation of Services - DNS Services
PCI - Insecure Services - Scanner
PCI - Default Account Usage
PCI - Credit Card Numbers in Clear Text
PCI - Top Unencrypted Cardholder Data Transmissions
PCI - Top Unencrypted Cardholder Data Targets
PCI - Top Unencrypted Cardholder Data Sources
PCI - ePO Out of Compliance - Signature Level Report
PCI - ePO Compliance Report
PCI - ePO Anti-Virus Signature Distribution
PCI - Trend Micro Signature Level Report
PCI - Trend Micro Compliance Report
PCI - Trend Micro Anti-Virus Signature Distribution
PCI – OWASP Vulnerability Report
PCI - Global Antivirus Signature Level Report
PCI - By Virus - Virus Summary
PCI - By Host - Virus Summary
PCI - Anti-Virus Updates - All - Summary
PCI - Anti-Virus Updates - All - Failed
PCI - Anti-Virus Report - Detailed
PCI - Anti-Virus Disabled Systems
PCI - Operating System Changes
PCI - Device Configuration Modifications
PCI - Application Modifications
PCI - Unauthorized Access of Cardholder Data Systems
PCI - Windows Account Lockouts by User
PCI - Windows Account Lockouts by System
PCI - Terminated User Account Activity
PCI - Password Changes
PCI - Password Change Needed
PCI - Inactive User Account Detected

Confidential Page 1 7/11/2007

ArcSight Report Listing
PCI - Failed Database Access
PCI - Database Access - All
PCI - Authorization Changes
PCI - Account Deletion
PCI - Account Creation
PCI - Physical Access System Account Modification
PCI - Physical Access System Account Deletion
PCI - Physical Access System Account Creation
PCI - Contractor Building Access After Hours
PCI - Building Access
PCI - Users Accessing Cardholder Systems
PCI - File Related Activity
PCI - File Modifications
PCI - File Deletions
PCI - File Creations
PCI - Failed Resource Access
PCI - Failed Administrative Logins
PCI - Audit Log Cleared
PCI - Agents Reporting Inaccurate Times
PCI - Administrative Logins
PCI - Administrative Actions - Cardholder Systems
PCI - Suspicious Events Targeting PCI Systems
PCI - NIDS Signature Review
PCI - HIDS Signature Review
PCI - Failed Anti-Virus Updates
PCI - Attacks Targeting PCI Systems
PCI - Vulnerabilities - Top 10 Assets
PCI - Vulnerabilities - Top 10
PCI - Vulnerabilities - Count by Asset
PCI - Today's Cases
PCI - Third-Party - User Logins and Logouts
PCI - Third-Party - Unsuccessful User Logins
PCI - Third-Party - Unsuccessful Administrative Logins
PCI - Third-Party - Administrative Logins and Logouts
PCI - Third Party Sourced Network Traffic
PCI - Third Party Sourced Attacks
PCI - Operational Impact Chart
PCI - Open Cases
PCI - Max Time to Resolution - By User
PCI - Case Stage Counts
PCI - Case Chart
PCI - Average Time to Resolution - By User
PCI - Average Time to Resolution - By Day
PCI - Average Time to Resolution - By Case Severity
PCI - All Reporting Devices
PCI - All Cases
PCI - Vulnerabilities - For All Assets
PCI - Vulnerabilities - For a Specific Asset

Confidential Page 2 7/11/2007

ArcSight Report Listing
PCI – Default Vulnerability Report
PCI - Executive Report
PCI - Executive Summary Case Metrics

Confidential Page 3 7/11/2007