The IAO/NSO will ensure the audit trail events include source IP, destination IP, port, protocol used and action taken.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25891 | NET1289 | SV-32504r1_rule | ECSC-1 ECTB-1 | Low |
| Description |
|---|
| The firewall logs can be used for forensic analysis in support of incident as well as to aid with normal traffic analysis. |
| STIG | Date |
|---|---|
| Firewall Security Technical Implementation Guide | 2013-10-08 |
Details
| Check Text ( C-32809r1_chk ) |
|---|
| Review the active firewall logs and verify the source IP, destination IP, port, protocol used and action taken are recorded fields in the event record.. |
| Fix Text (F-28929r1_fix) |
|---|
| Ensure the firewall logs are receiving source IP, destination IP, port, protocol used and action taken. |