The Bromium Enterprise Controller (BEC) must have Threat Intelligence lookup disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-80483 | BROM-00-001315 | SV-95191r1_rule | Low |
| Description |
|---|
| The Enable Threat Intelligence lookup setting controls whether the controller obtains and displays threat information from Bromium Threat Intelligence, which needs an external connection to Bromium resources, which is not allowed. Optionally, the site can deploy an internal/trusted instance of the Threat Intelligence server. |
| STIG | Date |
|---|---|
| Bromium Secure Platform 4.x Security Technical Implementation Guide | 2018-05-11 |
Details
| Check Text ( C-80159r1_chk ) |
|---|
| Review the base policy to ensure that the Bromium Threat Intelligence service is disabled. 1. Using the management console, navigate to "Policies" and select the base policy. 2. Navigate to "Security". 3. Navigate to and inspect the "Enable Bromium Threat Intelligence?" policy setting. If the Bromium Threat Intelligence service is enabled, this is a finding. |
| Fix Text (F-87293r1_fix) |
|---|
| Modify the base policy to ensure that the Bromium Threat Intelligence service is disabled. 1. Using the management console, navigate to "Policies" and select the base policy. 2. Navigate to "Security". 3. Navigate to and disable the "Enable Bromium Threat Intelligence?" policy setting. |