Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-253530 | CNTR-PC-000310 | SV-253530r840428_rule | Medium |
Description |
---|
Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must be properly collected and secured. Prisma Cloud Compute can be configured to send audit events to the host node's syslog in RFC5424-compliant format. Satisfies: SRG-APP-000111-CTR-000220, SRG-APP-000181-CTR-000485, SRG-APP-000358-CTR-000805, SRG-APP-000474-CTR-001180, SRG-APP-000516-CTR-000790 |
STIG | Date |
---|---|
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide | 2022-08-24 |
Check Text ( C-56982r840426_chk ) |
---|
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab. If the Syslog setting is "disabled", this is a finding. Select the "Manage" tab. If no Alert Providers are configured, this is a finding. |
Fix Text (F-56933r840427_fix) |
---|
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab. Set Syslog to "enabled". Select the "Manage" tab. Click "Add profile". Complete the form based on the organization. At a minimum, the following Alert triggers must be selected: - Host vulnerabilities. - Image vulnerabilities. Click "Save". |