Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-80469 | BROM-00-001135 | SV-95173r1_rule | | Medium |
Description |
---|
The default policy logging level captures the maximum level of data available to the administrator for forensic purposes and troubleshooting. This is required for analyzing Indicators of Compromise (IOCs) that may necessitate an alert from the events server and action by the system administrator. |
STIG | Date |
---|---|
Bromium Secure Platform 4.x Security Technical Implementation Guide | 2018-05-11 |
Check Text (C-80141r1_chk) |
---|
Inspect the base policy for all endpoints. 1. From the management console, click on "Policies". 2. Select the base policy. 3. Select the "Manageability" tab. 4. Inspect the Logging level setting. If the BEC base policy Logging level has not been set to "Debug", this is a finding. |
Fix Text (F-87275r1_fix) |
---|
Enable the Debug Logging level. 1. From the management console, click on "Policies". 2. Select the base policy. 3. Select the "Manageability" tab. 4. Set the Logging level to "Debug". 5. Click "Save and Deploy". |