CounterACT must generate audit log events for a locally developed list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-76207 | CACT-NM-000010 | SV-90895r1_rule | Low |
| Description |
|---|
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
| STIG | Date |
|---|---|
| ForeScout CounterACT NDM Security Technical Implementation Guide | 2017-09-19 |
Details
| Check Text ( C-75893r1_chk ) |
|---|
| Determine if CounterACT generates audit log events for a locally developed list of auditable events. 1. Open the CounterACT Console. 2. Select Tools >> Options >> Plugin. 3. Select the Syslog Plugin. 4. Select CounterACT or the Enterprise Manager appliance you would like to verify. 5. Verify additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs". If CounterACT is not configured to generate audit log events for a locally developed list of auditable events, this is a finding. |
| Fix Text (F-82907r1_fix) |
|---|
| Configure CounterACT to generate audit log events for a locally developed list of auditable events. 1. Open the CounterACT Console. 2. Select Tools >> Options >> Plugin. 3. Select the Syslog Plugin. 4. Select CounterACT or the Enterprise Manager appliance you would like to verify. 5. Ensure additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs". |