The IDPS must allocate sensor log record storage capacity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34595 | SRG-NET-999999-IDPS-00221 | SV-45460r1_rule | Low |
| Description |
|---|
| The IDPS must allocate enough storage capacity to contain log records. Log records on the sensors are critical. If the log storage capacity is exceeded, the sensor may malfunction or shutdown. The site would lose valuable data needed for investigating security incidents. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42809r1_chk ) |
|---|
| Examine the sensor log configuration. Verify a dedicated amount of space has been allocated for the sensor events log and this space is not usable by other applications or processes. If the system is not configured to allocate sensor events log record storage capacity, this is a finding. |
| Fix Text (F-38857r1_fix) |
|---|
| Configure the IDPS to allocated space that is dedicated to sensor log record storage. |