Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000081-IDPS-000078 | SRG-NET-000081-IDPS-000078 | SRG-NET-000081-IDPS-000078_rule | | Medium |
Description |
---|
Centrally managing data captured by the various sensors provides for easier management of network events and is an effective facility for monitoring and the automatic generation of alert notifications. The repository of audit data can facilitate troubleshooting when problems are encountered and can assist in performing root cause analysis. A repository of audit data can also be correlated in real time to identify suspicious behavior or be archived for review at a later time for research and analysis. IDPS sensors are managed from a maintenance console or server installed on the management network. Management of the sensor configuration, except for initial network configuration, must be performed through the management console. Without the ability to centrally manage events, troubleshooting and correlation of suspicious behavior will be difficult, which may lead to or prolong an attack. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43206_chk) |
---|
Verify a management console or server is used to manage the configuration and event logs for all sensors. If sensor configuration and events cannot be managed centrally, this is a finding. |
Fix Text (F-43206_fix) |
---|
Install and configure a management console to provide central management of sensor events. |