Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55363 | SRG-NET-000249-IDPS-00222 | SV-69609r2_rule | Medium |
Description |
---|
Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and detect rate-based and other anomalies will be impeded. The IDPS generates an immediate (within seconds) alert which notifies designated personnel of the incident. Sending a message to an unattended log or console does not meet this requirement since that will not be seen immediately. These messages should include a severity level indicator or code as an indicator of the criticality of the incident. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2019-10-01 |
Check Text ( C-55987r2_chk ) |
---|
Verify the IDPS sends an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected. If the IDPS does not send an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected, this is a finding. |
Fix Text (F-60461r2_fix) |
---|
Configure the IDPS to send an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected. |