Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000080-IDPS-000077 | SRG-NET-000080-IDPS-000077 | SRG-NET-000080-IDPS-000077_rule | | Low |
Description |
---|
Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. This capability is critical for accurate forensic analysis. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43205_chk) |
---|
Verify the log view setting can be reorganized to view the log entries by type, location, or subject. Verify the sensor logs categorize each logged event by, at a minimum, event type, location, and a description of the event. If sensor log entries do not include, at a minimum, the event type, location, and a description of the event for each event captured, this is a finding. |
Fix Text (F-43205_fix) |
---|
Configure the sensors and central management server to categorize each alert. Alerts will include event type, location, and a description of the event. |