The IDPS must integrate event review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34579 | SRG-NET-999999-IDPS-00226 | SV-45437r1_rule | Low |
| Description |
|---|
| Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative to correlate the log data from the IDPS to acquire a clear understanding as to what happened or is happening. Collecting log data and presenting that data in a single, consolidated view achieves this objective. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42786r1_chk ) |
|---|
| Inspect the management console. Verify sensor event analysis tools are installed or integrated which provide review, analysis, and reporting. If the management console or other IDPS component does not have tools which allow sensor event review, analysis, and reporting of sensor log events, this is a finding. |
| Fix Text (F-38834r1_fix) |
|---|
| Install a management console/server with event tools for sensor event review, analysis, and reporting. |