The IDPS must notify an organizationally defined list of incident response personnel of suspicious events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34774 | SRG-NET-000259-IDPS-00185 | SV-45698r1_rule | Medium |
| Description |
|---|
| Monitoring outbound traffic enables the network operator to detect an attack towards another network with the local enclave as the base. When a compromise, potential compromise, or breach has been discovered by the intrusion detection system, it is critical the appropriate personnel are notified via an alert mechanism. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-43064r1_chk ) |
|---|
| Verify the sensors are configured to alert the various individuals when specific events (as defined by the organization) are detected. If the IDPS is not configured to alert specific individuals when suspicious events are detected, this is a finding. |
| Fix Text (F-39096r1_fix) |
|---|
| Implement alerts to notify specific individuals when suspicious events are detected. |