Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251673 | SPLK-CL-000250 | SV-251673r879582_rule | Low |
Description |
---|
Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up log records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to ensure that in the event of a catastrophic system failure, the log records will be retained. This helps to ensure that a compromise of the information system being audited does not also result in a compromise of the log records. This requirement only applies to applications that have a native backup capability for log records. Operating system backup requirements cover applications that do not provide native backup functions. |
STIG | Date |
---|---|
Splunk Enterprise 8.x for Linux Security Technical Implementation Guide | 2023-06-09 |
Check Text ( C-55111r808253_chk ) |
---|
Interview the SA to verify that a process exists to back up the Splunk log data every seven days, using the underlying OS backup tools or another approved backup tool. If a backup plan does not exist for the Splunk log data, this is a finding. |
Fix Text (F-55065r808254_fix) |
---|
Implement a backup plan for the Splunk log data, following the Splunk documentation on backing up indexed data. Use the underlying OS backup tools, or another approved backup tool. |