# Monitoring ## Monitoring Policy ### Event Monitoring Policy Screendesk implements comprehensive auditing and monitoring controls to identify and capture the following events: * All authentication and authorization activities by all users and their associated accounts (e.g., successful and unsuccessful login attempts) * Any access to or creation, modification, or deletion of Sensitive or Customer data * All actions taken by privileged users * Malicious activity Screendesk monitors system components to capture these events with specialized software such as File Integrity Monitoring (FIM), Host-based Intrusion Detection Systems (HIDS), and/or change detection software programs. Notifications are set up to alert the CTO if immediate action needs to be taken. The CTO is responsible for monitoring and communicating changes and events. ### Performance and Utilization Monitoring Policy Screendesk monitors system components (e.g., servers) for appropriate performance and utilization by taking the following measures: * Process monitoring: Screendesk monitors all critical processes and provides alerting and notification measures when processes fail. * Network interface monitoring: Screendesk monitors the overall health and status of the network interface. * CPU utilization: Screendesk identifies current, real-time capacity of the central processing unit (CPU) and sends alerts and notifications if capacity is over limits and/or assets are underutilized. * Memory utilization: Screendesk identifies current, real-time memory usage and sends alerts and notifications if memory usage is high and/or if memory availability is low. * Disk utilization: Screendesk identifies current, real-time disk space and sends alerts and notifications if disk space is low. ### Logging and Reporting Policy Along with capturing all necessary events described in the Event Monitoring Policy, Screendesk implements protocols to log, store, and review all required events and their associated attributes as necessary. #### Logging Screendesk uses capturing and forwarding protocols (e.g., Syslog) and/or specialized software applications or other technology as necessary to protect the confidentiality, integrity, and availability of audit trails and their respective log reports that are produced by monitoring activities. #### Review The CTO reviews all applicable user permissions and related output (e.g., log reports) to identify any issues or concerns and report them immediately to appropriate personnel. #### Reporting Any anomalies, such as unauthorized configuration changes in the logs, are escalated in accordance with the Incident Management Policy. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://security.screendesk.io/policies/monitoring.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.