10.4 Audit logs are reviewed to identify anomalies or suspicious activity.
This requirement focuses on the regular review of audit logs to identify potential security issues, anomalies, or suspicious activities. Timely review of logs is essential for detecting and responding to security incidents before they can cause significant damage.
Sub-requirements
- 10.4.1: The following audit logs are reviewed at least once daily:
- 10.4.1.1: Automated mechanisms are used to perform audit log reviews.
- 10.4.2: Logs of all other system components are reviewed periodically.
- 10.4.2.1: Frequency of periodic log reviews is defined in targeted risk analysis.
- 10.4.3: Exceptions and anomalies identified during the review process are addressed.
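The sub-requirements above describe a procedure: review the day's logs with an automated mechanism (10.4.1.1), raise exceptions for anomalies, address each one (10.4.3), and keep evidence that the review happened. The script below is an added example, not code from PCI DSS or from this page; the log layout, hostnames, rule thresholds and the 09:00-18:00 UTC change window are constructed assumptions standing in for values a real deployment would take from its targeted risk analysis (10.4.2.1).

```python
"""Added example: automated daily audit-log review that emits exceptions and a
retained review record (PCI DSS 10.4.1 / 10.4.1.1 / 10.4.3 pattern). The log
layout, hostnames, thresholds and change window are constructed assumptions."""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta, timezone
import re

# Constructed one-day sample in the assumed layout:
#   <ISO-8601 UTC timestamp> <host> <event> user=<u> src=<ip> result=<SUCCESS|FAILURE>
# The "garbage" line is deliberately malformed to exercise the coverage check.
SAMPLE_LOG = """\
2024-05-01T01:02:03Z cde-db01 auth user=svc_batch src=10.1.5.20 result=SUCCESS
2024-05-01T02:10:11Z cde-app01 auth user=admin src=203.0.113.7 result=FAILURE
2024-05-01T02:10:14Z cde-app01 auth user=admin src=203.0.113.7 result=FAILURE
2024-05-01T02:10:17Z cde-app01 auth user=admin src=203.0.113.7 result=FAILURE
2024-05-01T02:10:20Z cde-app01 auth user=admin src=203.0.113.7 result=FAILURE
2024-05-01T02:10:23Z cde-app01 auth user=admin src=203.0.113.7 result=FAILURE
2024-05-01T03:00:00Z cde-db01 audit_log_cleared user=root src=10.1.5.9 result=SUCCESS
2024-05-01T09:15:00Z cde-app01 auth user=alice src=10.1.5.33 result=SUCCESS
this line is garbage from a truncated write
2024-05-01T23:40:00Z cde-fw01 config_change user=bob src=10.1.5.34 result=SUCCESS
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) result=(?P<result>SUCCESS|FAILURE)$")
Event = namedtuple("Event", "ts host event user src result")

# Assumed review policy; in practice these values come from the targeted risk analysis.
FAILURE_THRESHOLD, FAILURE_WINDOW = 5, timedelta(minutes=10)  # failed logons per account+source
CHANGE_WINDOW = (9, 18)                    # config changes expected 09:00-18:00 UTC
ALWAYS_EXCEPTION = {"audit_log_cleared"}   # never routine, always raised


def parse_log(text):
    """Return (events, malformed). Unreadable lines are kept, not dropped: a review
    that silently skips them cannot claim to have covered the whole day's log."""
    events, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            malformed.append((lineno, line))
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, m["host"], m["event"], m["user"], m["src"], m["result"]))
    return events, malformed


def find_exceptions(events, malformed):
    """Apply the review rules; each exception is a dict the follow-up workflow can track."""
    exc, failures = [], defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        base = {"host": e.host, "user": e.user, "at": e.ts.isoformat()}
        if e.event == "auth" and e.result == "FAILURE":
            # Rule 1: sliding window of failures per (account, source); fire once at threshold.
            key = (e.user, e.src)
            failures[key] = [t for t in failures[key] if e.ts - t <= FAILURE_WINDOW] + [e.ts]
            if len(failures[key]) == FAILURE_THRESHOLD:
                exc.append({"rule": "repeated_auth_failure", "src": e.src, **base})
        if e.event in ALWAYS_EXCEPTION:
            # Rule 2: events that are never routine (e.g. an audit log being cleared).
            exc.append({"rule": "critical_event", "event": e.event, **base})
        if e.event == "config_change" and not CHANGE_WINDOW[0] <= e.ts.hour < CHANGE_WINDOW[1]:
            # Rule 3: configuration change outside the approved change window.
            exc.append({"rule": "change_outside_window", **base})
    for lineno, line in malformed:
        # Rule 4: a line the reviewer could not read is a coverage gap, itself an exception.
        exc.append({"rule": "unparseable_line", "line": lineno, "text": line[:80]})
    return exc


def review_day(log_text, reviewer, reviewed_at=None):
    """Run the review and return the record to retain as evidence. A record is written
    even when nothing is found, because 'no exceptions today' must be provable."""
    reviewed_at = reviewed_at or datetime.now(timezone.utc)
    events, malformed = parse_log(log_text)
    exceptions = find_exceptions(events, malformed)
    for i, ex in enumerate(exceptions, 1):
        ex["id"] = f"EX-{reviewed_at:%Y%m%d}-{i:03d}"
        ex["ticket"] = None  # set by close_exception() when follow-up is assigned (10.4.3)
    return {"reviewer": reviewer, "reviewed_at": reviewed_at.isoformat(),
            "lines_reviewed": len(events) + len(malformed), "exceptions": exceptions,
            "status": "open" if exceptions else "no_exceptions"}


def close_exception(record, exception_id, ticket):
    """Attach the follow-up ticket; the review closes only when every exception has one."""
    for ex in record["exceptions"]:
        if ex["id"] == exception_id:
            ex["ticket"] = ticket
    if all(ex["ticket"] for ex in record["exceptions"]):
        record["status"] = "closed"
    return record


def run_sample():
    """Review the constructed sample as if run at 00:30 UTC on the following day."""
    return review_day(SAMPLE_LOG, "log-review-bot", datetime(2024, 5, 2, 0, 30, tzinfo=timezone.utc))


if __name__ == "__main__":
    import json
    print(json.dumps(run_sample(), indent=2))
```

Two design points answer the QSA questions later on this page. The review record is emitted even on a quiet day, so "we reviewed the logs and found nothing" is backed by a stored artefact rather than an assertion; and the record's status cannot move to `closed` until every exception carries a ticket reference, which is the retained link between the review and its follow-up. Treating unparseable lines as an exception rather than skipping them is the check most automated reviewers miss: a broken log source looks identical to a clean one if the parser discards what it cannot read.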
10.4. Audit logs are reviewed and exceptions are followed up.
Ensure that audit logs are reviewed daily, anomalies are investigated, and evidence of review and follow-up is retained.
Key Risks
Frequently Asked Questions
How often must audit logs be reviewed?
At least daily, to identify anomalies or suspicious activity.
What should be done when exceptions or anomalies are found?
They must be investigated and followed up according to incident response procedures.
How is evidence of log review retained?
Through review logs, tickets, or sign-off records.
What are common mistakes with log review?
Overreliance on manual review, missed daily reviews, or lack of follow-up on alerts.
Why is timely log review important?
It enables early detection and response to security incidents.
Common QSA Questions
Can you show evidence of daily log reviews?
Yes, we maintain review logs and tickets for all daily log analysis activities.
How are anomalies and exceptions followed up?
We use incident tracking and escalation workflows to ensure timely response.
How is evidence of follow-up retained?
All follow-up actions are documented and stored with the related log review records.