
The IDPS must employ automated mechanisms to alert security personnel of any inappropriate or unusual activities with security implications.


Overview

Finding ID: SRG-NET-000092-IDPS-000234
Version: SRG-NET-000092-IDPS-000234
Rule ID: SRG-NET-000092-IDPS-000234_rule
IA Controls: (none listed)
Severity: Medium
Description
Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom in order to compile an accurate risk assessment. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or simply identify an improperly configured IDPS. By immediately displaying an alarm message, potential security violations can be identified more quickly, even when administrators are not logged into the IDPS.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43406_chk)
Inspect the sensor alert configuration function. Verify alerts are enabled and configured to notify authorized individuals or entities of issues detected during scanning.

If alerts are not used to notify personnel of organizationally defined high priority issues detected during scanning, this is a finding.
Fix Text (F-43406_fix)
Configure high priority alerts on each sensor. Alerts should be tailored to the network segment (e.g., Management zone, DMZ zone, trusted network).