Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-80429 | BROM-00-000195 | SV-95133r1_rule | | Medium |
Description |
---|
It is critical for the appropriate personnel to be aware if an endpoint fails to connect to the management server within a defined time period. Without this notification, the security personnel may be unaware of an impending failure of the event capture capability, malicious activity, or insider threat. A vSentry client may fail to report in because of network failures, unauthorized users escalating privileges to disable the security software, altered local hostname resolution settings, etc. |
STIG | Date |
---|---|
Bromium Secure Platform 4.x Security Technical Implementation Guide | 2018-05-11 |
Check Text (C-80101r1_chk) |
---|
Verify that the reporting threshold for endpoints has been documented. Navigate to the management console and click on the selection arrow next to "Events". Verify that the organization-defined time period within which the vSentry client must connect to the BEC for logging or policy update purposes is configured. If the BEC does not generate a log record when a Bromium vSentry client has not connected to the BEC for logging or policy update purposes for an organization-defined time period, this is a finding. |
Fix Text (F-87235r1_fix) |
---|
Define the organization-defined time period for when an alert should be generated. Navigate to the management console, click on the selection arrow next to "Events", and verify that the organization-defined time period within which the vSentry client must connect to the BEC for logging or policy update purposes is configured. |