UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Prisma Cloud Compute must be configured to send events to the hosts' syslog.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253530 CNTR-PC-000310 SV-253530r960918_rule Medium
Description
Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must be properly collected and secured. Prisma Cloud Compute can be configured to send audit events to the host node's syslog in RFC5424-compliant format. Satisfies: SRG-APP-000111-CTR-000220, SRG-APP-000181-CTR-000485, SRG-APP-000358-CTR-000805, SRG-APP-000474-CTR-001180, SRG-APP-000516-CTR-000790
STIG Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-56982r840426_chk )
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab.

If the Syslog setting is "disabled", this is a finding.

Select the "Manage" tab.

If no Alert Providers are configured, this is a finding.
Fix Text (F-56933r840427_fix)
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab.

Set Syslog to "enabled".

Select the "Manage" tab.

Click "Add profile".

Complete the form based on the organization. At a minimum, the following Alert triggers must be selected:
- Host vulnerabilities.
- Image vulnerabilities.

Click "Save".