UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55335 SRG-NET-000091-IDPS-00193 SV-69581r1_rule Medium
Description
Centralized review and analysis of log records from multiple IDPS components gives the organization the capability to better detect distributed attacks and provides increased data points for behavior analysis techniques. These techniques are invaluable in monitoring for indicators of complex attack patterns. To support the centralized analysis capability, the IDPS components must be able to provide the information in a format (e.g., Syslog) that can be extracted and used, allowing the application to effectively review and analyze the log records.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2019-10-01

Details

Check Text ( C-55957r1_chk )
Verify the IDPS provides log information in a format that can be extracted and used by centralized analysis tools.

If the IDPS does not provide log information in a format that can be extracted and used by centralized analysis tools, this is a finding.
Fix Text (F-60201r1_fix)
Configure the IDPS to provide log information in a format that can be extracted and used by centralized analysis tools.