UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35192 SRG-APP-000110-AS-000071 SV-46479r1_rule Low
Description
Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a sufficient manner. Audit review, analysis, and reporting are all activities related to the evaluation of system activity through the inspection and analysis of system log data. In order to determine what is happening within the application server or to resolve and trace an attack, it is imperative to be able to correlate the log data from multiple AS elements so as to acquire a clear understanding as to what happened or is happening. Collecting log data and presenting that data in a single, consolidated view achieves this objective. The AS must integrate audit review, analysis and reporting of audit data or it must be configurable to utilize a centralized solution designed to meet this requirement.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43570r1_chk )
Review the AS configuration settings to determine if the AS audit system is configured to integrate audit review, analysis, and reporting processes. If the AS is not configured to natively meet the requirement, review AS documentation and request the system administrator demonstrate the capability on the AS to transfer audit logs to a central audit system. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39738r1_fix)
Configure the AS to integrate audit review, analysis and reporting processes or configure the AS to provide audit log information to a centralized audit management system that meets the requirement.