The Central Log Server must be configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-81189	SRG-APP-000516-AU-000380	SV-95903r1_rule		Medium

Description
This supports prioritization functions, which is a major reason why centralized management is a requirement in DoD. This includes different features that help highlight the important events over less critical security events. This may be accomplished by correlating security events with vulnerability data or other asset information. Prioritization algorithms often use severity information provided by the original log source as well.

Description

This supports prioritization functions, which is a major reason why centralized management is a requirement in DoD. This includes different features that help highlight the important events over less critical security events. This may be accomplished by correlating security events with vulnerability data or other asset information. Prioritization algorithms often use severity information provided by the original log source as well.

STIG	Date
Central Log Server Security Requirements Guide	2018-08-29

Details

Check Text ( C-80857r1_chk )
Examine the configuration. Verify the Central Log Server is configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts. If the Central Log Server is not configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts, this is a finding.

Fix Text (F-87965r1_fix)
Configure the Central Log Server with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.