Which Assets were Impacted?
To identify which assets are impacted by malicious activity, PCI Requirement 10.3.6 requires that every log entry include the identity or name of the affected data, system component, or resource. This helps organizations identify what malicious actions were taken and what the defense was.
Through interviews and observation, auditors will try to verify that the identity or name of affected data, system component, or resource is included in log entries.
Every log that’s generated needs to contain the identity of the asset that someone was trying to access or manipulate, so that we can identify what was messed with, what was done, or what it was done to as part of the log defense.