
The IDPS must provide near real-time alerts when any of the organizationally defined list of compromise or potential compromise indicators occur.


Overview

Finding ID: V-34771
Version: SRG-NET-000257-IDPS-00182
Rule ID: SV-45695r1_rule
IA Controls:
Severity: Medium
Description
When the intrusion detection system discovers a compromise, potential compromise, or breach, it is critical that the appropriate personnel are notified through an alert mechanism. Near real-time alerts for critical events allow administrators to respond to these compromise indicators promptly; without such alerts, administrators who are not currently logged into the management console could miss the event entirely.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text ( C-43061r1_chk )
Inspect the alert functionality using the management console. Verify the system is configured to send alerts to an email address or a monitored system screen when any event on the organizationally defined list of compromise or potential compromise indicators occurs.

If the system is not configured to provide near real-time alerts when any of the organizationally defined list of compromise or potential compromise indicators occur, this is a finding.
Fix Text (F-39093r1_fix)
Configure the IDPS to alert the administrators by email or another near real-time method when any event on an organizationally defined list of events that may indicate an attack or other security violation occurs.
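The check and fix above describe the mechanism generically: an organizationally defined list of indicators, matched against what the sensor emits, with matches routed to a near real-time channel such as email. The following is an added example of that routing logic, not part of the SRG or of any vendor's product. It assumes the sensor writes Suricata-style EVE JSON alert records (one JSON object per line); the indicator list, the sample records, the SMTP host and the mailbox addresses are all constructed for illustration.

```python
"""Route IDS alerts that match an organizationally defined indicator list
to a near real-time notifier (email), and let everything else fall through
to normal logging.  Added example; assumes Suricata-style EVE JSON input."""
import json
import smtplib
import sys
from email.message import EmailMessage
from typing import Callable, Iterable

# Hypothetical "organizationally defined list" of compromise indicators.
# Any EVE alert record matching one of these conditions is escalated
# immediately instead of waiting for someone to open the console.
INDICATORS = {
    # specific rule SIDs the organization treats as compromise indicators (assumed values)
    "signature_id": {2019401, 2024897},
    # rule categories that always warrant immediate notification (assumed values)
    "category": {"A Network Trojan was detected",
                 "Successful Administrator Privilege Gain"},
    # Suricata priority: 1 is the most severe, so escalate anything at or above this level
    "max_severity": 1,
}


def matches_indicator(event: dict, indicators: dict = INDICATORS) -> bool:
    """Return True if an EVE record is an alert on the defined indicator list."""
    if event.get("event_type") != "alert":
        return False                       # flow/dns/http records are log-only
    alert = event.get("alert", {})
    if alert.get("signature_id") in indicators["signature_id"]:
        return True
    if alert.get("category") in indicators["category"]:
        return True
    # missing severity is treated as lowest priority, never as an escalation
    return alert.get("severity", 99) <= indicators["max_severity"]


def format_alert(event: dict) -> str:
    """One-line human-readable summary for the notification body."""
    a = event["alert"]
    return (f"{event.get('timestamp')} {event.get('src_ip')} -> {event.get('dest_ip')} "
            f"sid={a.get('signature_id')} sev={a.get('severity')} {a.get('signature')}")


def smtp_notifier(smtp_host: str, sender: str, recipients: list[str]) -> Callable[[str], None]:
    """Build a notifier that emails each escalated alert (hypothetical addresses)."""
    def send(text: str) -> None:
        msg = EmailMessage()
        msg["Subject"] = "IDPS compromise indicator"
        msg["From"] = sender
        msg["To"] = ", ".join(recipients)
        msg.set_content(text)
        with smtplib.SMTP(smtp_host) as smtp:
            smtp.send_message(msg)
    return send


def route_events(lines: Iterable[str], notify: Callable[[str], None]) -> list[str]:
    """Parse EVE JSON lines, notify on matching alerts, return the texts sent."""
    sent = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                       # a corrupt line must not stop the pipeline
        if matches_indicator(event):
            text = format_alert(event)
            notify(text)
            sent.append(text)
    return sent


# Constructed sample EVE records: two should escalate, the rest should not.
SAMPLE_EVE = [
    '{"timestamp":"2012-11-19T10:00:01Z","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.7",'
    '"alert":{"signature_id":2019401,"severity":2,"category":"A Network Trojan was detected","signature":"ET TROJAN beacon"}}',
    '{"timestamp":"2012-11-19T10:00:02Z","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.1",'
    '"alert":{"signature_id":2100498,"severity":3,"category":"Potentially Bad Traffic","signature":"GPL ATTACK_RESPONSE id check"}}',
    '{"timestamp":"2012-11-19T10:00:03Z","event_type":"alert","src_ip":"10.0.0.12","dest_ip":"10.0.0.2",'
    '"alert":{"signature_id":2200003,"severity":1,"category":"Generic Protocol Command Decode","signature":"SURICATA decoder event"}}',
    '{"timestamp":"2012-11-19T10:00:04Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7"}',
    'not json at all',
]

if __name__ == "__main__":
    # Production use: tail -F /var/log/suricata/eve.json | python3 route_alerts.py
    notifier = smtp_notifier("mail.example.org", "idps@example.org", ["soc@example.org"])
    for text in route_events(sys.stdin, notifier):
        print("escalated:", text)
```

The notifier is injected as a callable so the matching logic can be exercised offline with a stub, and so the same routing can drive a pager or ticketing webhook instead of SMTP. Note that the example escalates on three independent conditions (specific SIDs, named categories, or top priority), which is the shape an "organizationally defined list" usually takes in practice rather than a flat list of rule IDs.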