Diff: FAQ #1074
Is IDS required if centralized log correlation is in place?
Although log correlation is a valuable tool in a company's information security strategy, it is not a replacement for intrusion detection mechanisms, such as IDS/IPS. Intrusion detection mechanisms provide proactive detection of threats coming into the network by comparing network traffic against known "signatures" or behaviors of different compromise types (e.g. hacker tools, Trojans, and other malware). Intrusion-detection and/or intrusion-prevention techniques are required by PCI DSS Requirement 11.4.
Logs from the intrusion-detection and/or intrusion-prevention mechanisms should be included in the daily log reviews, as required in PCI DSS Requirement 10.6.1. Note that the use of log harvesting, parsing, and alerting tools can be used to facilitate the process by identifying log events that need to be reviewed.

Earlier Version text replaced by the paragraph above:

a valuable tool in a company's information security strategy, it is not a replacement for an intrusion detection system. The IDS wording in PCI DSS requirement 10.6 is not to imply that log parsing tools are an alternative to IDS, but rather that IDS logs should be included in the daily log reviews required by PCI DSS requirement 10.6. These daily log reviews can be done by log parsing tools. Please refer to PCI DSS requirement 11.4, which require that either network IDS, host-based IDS, or IPS be in place to monitor all network traffic. For more specific information, please contact the individual payment card brands.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.