Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-102905 | BUEM-00-000500 | SV-111867r1_rule | Medium |
Description |
---|
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. Since the BlackBerry UEM server has limited capability to store mobile device log files and perform analysis and reporting of mobile device log files, the BlackBerry UEM server must have the capability to transfer log files to an audit log management server. SFR ID: FMT_SMF.1.1(2) c.8, FAU_STG_EXT.1.1(1) |
STIG | Date |
---|---|
BlackBerry UEM Security Technical Implementation Guide | 2020-07-13 |
Check Text ( C-101651r1_chk ) |
---|
Review the Syslog audit records from the syslog audit management server and verify UEM logs are included. If UEM logs are not found on the Syslog server, this is a finding. |
Fix Text (F-108445r1_fix) |
---|
The Admin must access the UEM server. Configuring trust: 1. Get the CA that signs the Syslog server cert. 2. Upload the CA into the UEM server. - From the CMD prompt on the UEM server follow the instructions found on page 70-71 of the Admin Guide, "Setup export of server audit records to a syslog server". 3. Configure UEM to send audit data to the Syslog server. - Copy the script in Appendix A of the Admin Guide. - In the script, change the hostname and port number to match your environment. - Set the host name and port number, for example: SET @v_hostname = 'localhost'; SET @v_port = '31000'; 4. Execute the SQL script against the BlackBerry UEM database. 5. Restart the BlackBerry UEM Core service. |