
The application server must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.


Overview

Finding ID: V-35192
Version: SRG-APP-000110-AS-000071
Rule ID: SV-46479r1_rule
IA Controls:
Severity: Low
Description
Successful incident response and auditing rely on timely, accurate system information and analysis so that the organization can identify and respond to potential incidents adequately. Audit review, analysis, and reporting are all activities related to the evaluation of system activity through the inspection and analysis of system log data. To determine what is happening within the application server (AS), or to resolve and trace an attack, it is imperative to be able to correlate the log data from multiple AS elements to gain a clear understanding of what happened or is happening. Collecting log data and presenting that data in a single, consolidated view achieves this objective. The AS must integrate audit review, analysis, and reporting of audit data, or it must be configurable to utilize a centralized solution designed to meet this requirement.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text (C-43570r1_chk)
Review the AS configuration settings to determine if the AS audit system is configured to integrate audit review, analysis, and reporting processes. If the AS is not configured to natively meet the requirement, review AS documentation and request that the system administrator demonstrate the capability on the AS to transfer audit logs to a central audit system. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39738r1_fix)
Configure the AS to integrate audit review, analysis and reporting processes or configure the AS to provide audit log information to a centralized audit management system that meets the requirement.