UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must provide near real-time alerts when any of the organizationally defined list of compromise or potential compromise indicators occur.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000257-IDPS-000239 SRG-NET-000257-IDPS-000239 SRG-NET-000257-IDPS-000239_rule Medium
Description
When a compromise, potential compromise, or breach has been discovered by the intrusion detection system, it is critical the appropriate personnel are notified via an alert mechanism. Near real-time alerts for critical events allow the administrators to respond to these potential compromise indicators since they may miss other types of alerts if they are not logging in or at the management console.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43411_chk )
Inspect the alert functionality using the management console. Verify the system is configured to provide alerts to emails or monitored system screens when an organizationally defined list of events occur.

If the system is not configured to provide near real-time alerts when any of the organizationally defined list of compromise or potential compromise indicators occur, this is a finding.
Fix Text (F-43411_fix)
Configure the IDPS to alert the administrators using email or another near real-time method when an organizationally defined list of events that may indicate an attack or other security violation occurs.