
The IDPS must support the requirement to centrally manage the events from multiple sensor queues.


Overview

Finding ID: V-34597
Version: SRG-NET-999999-IDPS-00220
Rule ID: SV-45463r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Centrally managing the data captured by the various sensors simplifies the management of network events and provides an effective facility for monitoring and for the automatic generation of alert notifications. The repository of event data facilitates troubleshooting when problems are encountered and assists in performing root cause analysis. Data in the repository can be correlated in real time to identify suspicious behavior, or archived for later review, research and analysis. IDPS sensors are managed from a maintenance console or server installed on the management network. Configuration and management of the sensors, except for initial network configuration, must be performed through the management console. Without the ability to centrally manage events, troubleshooting and correlation of suspicious behavior will be difficult, which may allow an attack to succeed or prolong one already in progress.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42813r1_chk)
Verify a management console or server is used to manage the configuration and events logs for all sensors.

If sensor configuration and events cannot be managed centrally, this is a finding.
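One way to carry out this check with evidence rather than by inspection alone is to reconcile the sensor inventory against the central console's event repository: every inventoried sensor should have recent events there, and no unknown sensor should be reporting. The script below is an added example, not part of the SRG or of any vendor's console; the inventory, the exported event records, the record format (timestamp, source address, event fields) and the one-hour silence threshold are constructed assumptions for illustration.

```python
"""
Added example (not from the SRG): reconcile an IDPS sensor inventory against
an export from the central management console's event repository, and report
sensors whose events are not being managed centrally.

Assumptions (constructed for this example):
  - the inventory maps sensor name -> management-network address
  - the export has one record per line: "<ISO-8601 UTC timestamp> <source ip> <fields>"
  - a sensor silent for longer than MAX_SILENCE is treated as not centrally managed
"""
from datetime import datetime, timedelta, timezone

# Constructed sensor inventory (sensor name -> management-network address).
SENSOR_INVENTORY = {
    "ids-dmz-01": "10.10.1.11",
    "ids-core-01": "10.10.1.12",
    "ids-branch-01": "10.10.1.13",
    "ids-branch-02": "10.10.1.14",
}

# Constructed export from the central console's event repository.
CENTRAL_EVENT_LOG = """\
2012-11-19T10:00:05Z 10.10.1.11 signature=ET_SCAN_NMAP action=alert
2012-11-19T10:00:07Z 10.10.1.12 signature=ET_POLICY_SSH action=alert
2012-11-19T10:01:12Z 10.10.1.11 signature=ET_WEB_SQLI action=drop
2012-11-19T08:15:00Z 10.10.1.13 signature=ET_SCAN_NMAP action=alert
2012-11-19T10:02:00Z 10.10.1.99 signature=ET_POLICY_SSH action=alert
"""

MAX_SILENCE = timedelta(hours=1)  # assumed threshold for "events still arriving"


def parse_ts(ts_str):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text):
    """Return {source_ip: timestamp of the latest event seen from that source}."""
    latest = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, src, _fields = line.split(" ", 2)
        ts = parse_ts(ts_str)
        if src not in latest or ts > latest[src]:
            latest[src] = ts
    return latest


def check_central_management(inventory, event_text, now, max_silence=MAX_SILENCE):
    """Compare inventory against the central repository.

    Returns (findings, unknown_sources):
      findings        -> {sensor name: reason} for sensors with no events or
                         only stale events in the central repository
      unknown_sources -> sorted addresses that report events centrally but are
                         not in the inventory (sensors outside managed control)
    """
    latest = parse_events(event_text)
    findings = {}
    for name, ip in inventory.items():
        if ip not in latest:
            findings[name] = "no events in central repository"
        elif now - latest[ip] > max_silence:
            findings[name] = f"last event {latest[ip].isoformat()} older than {max_silence}"
    unknown_sources = sorted(set(latest) - set(inventory.values()))
    return findings, unknown_sources


def run_check(now_iso="2012-11-19T10:05:00Z"):
    """Run the check against the constructed data at the given (assumed) time."""
    return check_central_management(SENSOR_INVENTORY, CENTRAL_EVENT_LOG, parse_ts(now_iso))


def is_finding(now_iso="2012-11-19T10:05:00Z"):
    """True if any inventoried sensor's events are not centrally managed."""
    findings, _unknown = run_check(now_iso)
    return bool(findings)


if __name__ == "__main__":
    findings, unknown = run_check()
    for name, reason in sorted(findings.items()):
        print(f"FINDING {name}: {reason}")
    for ip in unknown:
        print(f"WARNING unknown event source {ip} not in sensor inventory")
    print("Result:", "finding" if findings else "not a finding")
```

With the constructed data, ids-branch-02 never appears in the repository and ids-branch-01 has been silent for almost two hours, so the check returns a finding; 10.10.1.99 is reported as an unknown source, which is worth running down because a sensor that reports events but is not in the managed inventory cannot have its configuration controlled from the console either.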
Fix Text (F-38860r1_fix)
Install and configure a management console to provide central management of sensor events.