UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must integrate event review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34579 SRG-NET-999999-IDPS-00226 SV-45437r1_rule Low
Description
Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative to correlate the log data from the IDPS to acquire a clear understanding as to what happened or is happening. Collecting log data and presenting that data in a single, consolidated view achieves this objective.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42786r1_chk )
Inspect the management console. Verify sensor event analysis tools are installed or integrated which provide review, analysis, and reporting.

If the management console or other IDPS component does not have tools which allow sensor event review, analysis, and reporting of sensor log events, this is a finding.
Fix Text (F-38834r1_fix)
Install a management console/server with event tools for sensor event review, analysis, and reporting.