HSM Log Extraction Tool

HSM Logs are the primary forensic location where activities can be verified and cryptographically validated.

Your security officers should use the logs to check regularly for security breaches and to review security-related performance.

PCI Directive 10.5.3 mandates the prompt backup of audit trail files to a centralised log server or media that is difficult to alter.

Many organisations leave their activity logs on the HSM, which is unacceptable, either because they are unaware of this directive or because they are unable to mitigate the associated risk of non-compliance.

The ID-3 Log Processing Tool enables simple and effective measures to support compliance with this directive.

Using the tool is simple and effective:

  • Deploy a suitable version of the tool to the secured target platform - Java, C++ and Python versions are available.

  • Define the target HSMs from which to extract audit Logs.

  • Define the frequency at which Log extraction should take place - Hourly, Daily, Weekly or Monthly.

Then consider the following integration activities:

  • Calculate the approximate data storage requirements.

  • Agree and establish the connector type in collaboration with the SOC - Scripts available from ID-3.

  • Agree and define the Log retention period in collaboration with the SOC.

  • Develop log views and access controls to the HSM Log data with the SOC.

  • Decide on the strategy for HSM Log validation and implement suitable SIEM controls to make the data hard to alter.

  • Consider a data monitoring and alerting strategy for SIEM collected events.