Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25891 | NET1289 | SV-32504r2_rule | ECSC-1 ECTB-1 | Low |
Description |
---|
The network device logs can be used for forensic analysis in support of incident as well as to aid with normal traffic analysis. |
STIG | Date |
---|---|
Firewall Security Technical Implementation Guide | 2017-12-07 |
Check Text ( C-32809r3_chk ) |
---|
Review the active logs and verify the source IP, destination IP, port, protocol used and action taken are recorded fields in the event record. If logs do not include the source IP, destination IP, port, or protocol, this is a finding. |
Fix Text (F-28929r1_fix) |
---|
Ensure the firewall logs are receiving source IP, destination IP, port, protocol used and action taken. |