
The IDPS must provide a warning when the sensor event logging storage capacity reaches an organizationally defined maximum capacity.


Overview

Finding ID: V-34589
Version: SRG-NET-999999-IDPS-00223
Rule ID: SV-45453r1_rule
IA Controls: (none)
Severity: Low
Description
It is imperative the IDPS be configured to allocate storage capacity to contain sensor event log records and an alert be generated when the capacity reaches an organizationally defined threshold. Without this capability, the site could lose valuable data needed for investigating security incidents.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42802r1_chk)
Identify how the IDPS is configured for this notification. Verify the message is displayed at the remote console if an administrator is already logged in, or when an administrator logs in. Verify the device is capable of generating the alarm or alert and notification as described.

If the system does not provide a warning when the logging storage capacity reaches an organizationally defined percentage of maximum capacity, this is a finding.
Fix Text (F-38850r1_fix)
Configure the IDPS to alert when the sensor event log reaches an organizationally defined capacity.