The IDPS must provide the capability to automatically process sensor log records for events of interest based upon selectable criteria.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34575 | SRG-NET-999999-IDPS-00228 | SV-45431r1_rule | Low |
| Description |
|---|
| Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative that the data from multiple sensors be correlated Collecting log data and enabling personnel to filter the data based on selection criteria to produce a meaningful view achieves this objective. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42780r1_chk ) |
|---|
| Verify the central management server has the capability to set up jobs or automatically generate reports based on organizationally defined criteria. If the IDPS management console used cannot be configured to automatically process log records and produce customized reports, this is a finding. |
| Fix Text (F-38828r1_fix) |
|---|
| Use an IDPS that has the capability to automatically process log records for events of interest; or install a forensics or aggregation server that provides this service. |