The IDPS must use internal system clocks to generate timestamps for sensor event records.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34570	SRG-NET-999999-IDPS-00230	SV-45424r1_rule		Low

Description
Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative to correlate the log data from the IDPS to acquire a clear understanding as to what happened or is happening. In order to correlate, timestamps are needed on all of the log records.

Description

Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative to correlate the log data from the IDPS to acquire a clear understanding as to what happened or is happening. In order to correlate, timestamps are needed on all of the log records.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42773r1_chk )
Inspect each sensor. Verify the sensors are configured to use the internal system clock to generate the date/timestamp included with the event log entry. If the system is not configured to use internal system clocks to generate timestamps for sensor event records, this is a finding.

Fix Text (F-38821r1_fix)
For each sensor, configure the device to use the internal system clock to generate the date/timestamp included with the event log entry.