Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251676 | SPLK-CL-000280 | SV-251676r961863_rule | Medium |
Description |
---|
Detecting when multiple systems are showing anomalies can often indicate an attack. Notifying appropriate personnel can initiate a proper response and mitigation of the attack. |
STIG | Date |
---|---|
Splunk Enterprise 8.x for Linux Security Technical Implementation Guide | 2024-06-10 |
Check Text ( C-55114r808262_chk ) |
---|
Interview the SA to verify that a report exists to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage. Interview the ISSO to confirm receipt of this report. If a report does not exist, or the ISSO does not confirm receipt of this report, this is a finding. |
Fix Text (F-55068r808263_fix) |
---|
Configure Splunk Enterprise, using the Reporting and Alert tools, to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage. |