Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34599 | SRG-NET-000115-IDPS-00084 | SV-45465r1_rule | | Low |
Description |
---|
Logging specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. Locally developed sensor rules may be developed incorrectly and may not be configured for proper alerting. These rules implement organizationally defined security policies and are used to tailor the IDPS sensors to meet organizational requirements not provided by default vendor rules and updates (e.g., IAVMs). |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text (C-42812r1_chk) |
---|
Obtain a list of organizationally defined events which must be logged. Examine the audit log configuration. Verify events are configured based on the specific system component. If the IDPS is not configured to generate audit log events for a locally developed list of auditable events, this is a finding. |
Fix Text (F-38862r1_fix) |
---|
Configure the IDPS so events are audited based on the specific component of the system. |