Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34543 | SRG-NET-000077-IDPS-00062 | SV-45385r2_rule | | Medium |
Description |
---|
Associating the source of the event with detected events in the logs provides a means of investigating an attack or suspected attack. While auditing and logging are closely related, they are not the same. Logging is recording data about events that take place in a system, while auditing is the use of log records to identify security-relevant information such as system or user accesses. In short, log records are audited to establish an accurate history. Without logging, it would be impossible to establish an audit trail. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2019-10-01 |
Check Text (C-42734r2_chk) |
---|
Verify configuration produces audit records containing information to establish the source of the event, including, at a minimum, originating source address. If the IDPS does not produce audit records containing information to establish the source of the event, including, at a minimum, originating source address, this is a finding. |
Fix Text (F-38782r3_fix) |
---|
Configure the IDPS to produce audit records containing information to establish the source of the event, including, at a minimum, originating source address. |