North American Electric Reliability Corp (NERC)

Use the IBM Security QRadar NERC Content Extension to closely monitor your deployment for compliance with NERC regulations.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar NERC Content Extension V1.0.2

The following content is removed in IBM Security QRadar NERC Content Extension V1.0.2.

Table 1. Content Removed in IBM Security QRadar NERC Content Extension V1.0.2
Type             Name
Custom Property  AccountName
Saved Search     User Account Added By User
Saved Search     User Account Modified By User
Saved Search     User Account Removed By User

IBM Security QRadar NERC Content Extension V1.0.1

Saved searches are now shared by default, and assigned to the correct groups.

IBM Security QRadar NERC Content Extension V1.0.0

The following building blocks are included in IBM Security QRadar NERC Content Extension V1.0.0.

  • BB:CategoryDefinition: Authentication Failures
  • BB:CategoryDefinition: Authentication Success

The following reports are included in IBM Security QRadar NERC Content Extension V1.0.0.

  • Daily NERC-CIP-005-R3 - Successful Login Attempts by NetworkGroup
  • Daily NERC-CIP-005-R3 - Unsuccessful Logins Summary
  • Daily NERC-CIP-005-R3 - Unsuccessful Mail Logins
  • Daily NERC-CIP-005-R3 - Unsuccessful Mail Logins by Network Group
  • Daily NERC-CIP-005-R3 - Unsuccessful Miscellaneous Logins
  • Daily NERC-CIP-005-R3 - Unsuccessful Miscellaneous Logins by Network Group
  • Daily NERC-CIP-005-R3 - Unsuccessful SSH Logins
  • Daily NERC-CIP-005-R3 - Unsuccessful SSH Logins by Network Group
  • Daily NERC-CIP-005-R3 - Unsuccessful Telnet Logins
  • Daily NERC-CIP-005-R3 - Unsuccessful Telnet Logins by Network Group
  • Daily NERC-CIP-005-R3 - Unsuccessful Web Services Logins
  • Daily NERC-CIP-005-R3 - Unsuccessful Web Services Logins by Network Group
  • Monthly NERC-CIP-003-R5 - Added User Accounts
  • Monthly NERC-CIP-003-R5 - Deleted User Accounts
  • Remote Access Activity Summary
  • Top Users by Remote Access Activity
  • Weekly NERC-CIP-002-R2/R3 - Newly Discovered Operating Systems
  • Weekly NERC-CIP-005-R3 - Successful Login Attempts by NetworkGroup
  • Weekly NERC-CIP-005-R3 - Unsuccessful Logins Summary
  • Weekly NERC-CIP-005-R3 - Unsuccessful Mail Logins
  • Weekly NERC-CIP-005-R3 - Unsuccessful Mail Logins by Network Group
  • Weekly NERC-CIP-005-R3 - Unsuccessful Misc. Logins by Network Group
  • Weekly NERC-CIP-005-R3 - Unsuccessful Miscellaneous Logins
  • Weekly NERC-CIP-005-R3 - Unsuccessful SSH Logins
  • Weekly NERC-CIP-005-R3 - Unsuccessful SSH Logins by Network Group
  • Weekly NERC-CIP-005-R3 - Unsuccessful Telnet Logins by Network Group
  • Weekly NERC-CIP-005-R3 - Unsuccessful Web Services Logins
  • Weekly NERC-CIP-005-R3 - Unsuccessful Web Services Logins by Network Group
  • Weekly NERC-CIP-005-R3.2 - Detect Attempts at or Actual Unauthorized Access - Failed Login Attempts

The following saved searches are included in IBM Security QRadar NERC Content Extension V1.0.0.

  • Login Failures By Low Level Category
  • Login Failures by User
  • Mail Service Login Failures
  • Mail Service Login Failures by Network
  • Misc. Login Failures
  • Misc. Login Failures by Network
  • New Discovered OS by Category
  • Remote Access Failures (VPN and Others)
  • Remote Access Success (VPN and Other)
  • SSH Login Failures
  • SSH Login Failures by Network
  • SSH Login Failures TopN Users
  • Successful Logins by Network
  • Telnet Login Failures
  • Telnet Login Failures by Network
  • Top User by Mail Service Login Failure
  • Top Users by failed Misc. Logins
  • Top Users by Successful Logins
  • User Account Added By User
  • User Account Removed By User
  • Web Services Login Failures
  • Web Services Login Failures by Network