UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Exchange audit record parameters must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259654 EX19-MB-000033 SV-259654r960879_rule Low
Description
Log files help establish a history of activities and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting: Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.
STIG Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-63393r942274_chk )
Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select-Object -Property AdminAuditLogParameters

Note: The value of "*" indicates all parameters are being audited.

If the value of "AdminAuditLogParameters" is not set to "*", this is a finding.
Fix Text (F-63301r942275_fix)
Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogParameters *