Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55363 | SRG-NET-000249-IDPS-00222 | SV-69609r1_rule | Medium |
Description |
---|
Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and detect rate-based and other anomalies will be impeded. The IDPS generates an immediate (within seconds) alert which notifies designated personnel of the incident. Sending a message to an unattended log or console does not meet this requirement since that will not be seen immediately. These messages should include a severity level indicator or code as an indicator of the criticality of the incident. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2018-10-09 |
Check Text ( C-55987r1_chk ) |
---|
Verify the IDPS sends an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected. If the IDPS does not send an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected, this is a finding. |
Fix Text (F-60461r1_fix) |
---|
Configure the IDPS to send an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected. |