
The IDPS must provide near real-time alerts when any indicator on the organizationally defined list of compromise or potential compromise indicators occurs.


Overview

Finding ID:   SRG-NET-000257-IDPS-000239
Version:      SRG-NET-000257-IDPS-000239
Rule ID:      SRG-NET-000257-IDPS-000239_rule
IA Controls:  (none listed)
Severity:     Medium
Description
When the intrusion detection system discovers a compromise, potential compromise, or breach, it is critical that the appropriate personnel are notified through an alert mechanism. Near real-time alerts for critical events allow administrators to respond to these potential compromise indicators promptly; administrators who are not logged in or present at the management console may otherwise miss other types of alerts.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43411_chk)
Inspect the alert functionality using the management console. Verify the system is configured to send alerts to email addresses or monitored system screens when any event on the organizationally defined list of events occurs.

If the system is not configured to provide near real-time alerts when any indicator on the organizationally defined list of compromise or potential compromise indicators occurs, this is a finding.
Fix Text (F-43411_fix)
Configure the IDPS to alert the administrators by email or another near real-time method when any event on an organizationally defined list of events that may indicate an attack or other security violation occurs.
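The check above can be exercised against exported records rather than by eye. The following is an added example, not part of the SRG or of any IDPS product: it assumes a constructed organizationally defined indicator list, an assumed 60-second threshold for "near real-time", and constructed detection and alert-delivery records, and reports every listed indicator that produced no alert or a late one.

```python
from datetime import datetime, timedelta

# Assumption: the organizationally defined list is expressed as the signature
# names the IDPS reports. These values are constructed for the example.
COMPROMISE_INDICATORS = {
    "malware-cnc-beacon",
    "exploit-successful-admin-shell",
    "policy-violation-data-exfil",
}

# Assumption: the organization defines "near real-time" as 60 seconds.
MAX_ALERT_LATENCY = timedelta(seconds=60)

# Constructed sample records: what the IDPS detected, and what the alert
# channel (email here) actually delivered.
DETECTIONS = [
    {"id": 1, "sig": "malware-cnc-beacon", "ts": "2012-03-08T10:00:00"},
    {"id": 2, "sig": "scan-port-sweep", "ts": "2012-03-08T10:00:05"},
    {"id": 3, "sig": "exploit-successful-admin-shell", "ts": "2012-03-08T10:01:00"},
    {"id": 4, "sig": "policy-violation-data-exfil", "ts": "2012-03-08T10:02:00"},
]
ALERTS_SENT = [
    {"event_id": 1, "channel": "email", "ts": "2012-03-08T10:00:20"},
    {"event_id": 3, "channel": "email", "ts": "2012-03-08T10:15:00"},  # late
    # event 4 is on the list but was never alerted
]


def audit_alerting(detections, alerts_sent, indicators, max_latency):
    """Return (event id, reason) for each listed indicator that violates the rule.

    Events whose signature is not on the organizationally defined list are
    ignored: this rule only requires alerts for the listed indicators.
    """
    sent_by_event = {}
    for alert in alerts_sent:
        sent_by_event.setdefault(alert["event_id"], []).append(alert)

    findings = []
    for det in detections:
        if det["sig"] not in indicators:
            continue
        alerts = sent_by_event.get(det["id"], [])
        if not alerts:
            findings.append((det["id"], "no alert sent"))
            continue
        # Judge the first delivery; later duplicates do not help responders.
        first = min(datetime.fromisoformat(a["ts"]) for a in alerts)
        latency = first - datetime.fromisoformat(det["ts"])
        if latency > max_latency:
            findings.append((det["id"], f"alert late by {latency - max_latency}"))
    return findings
```

An empty result means every listed indicator was alerted within the threshold; any entry is a finding under the check text above.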