Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94669 | SYMP-NM-000090 | SV-104499r1_rule | Low |
Description |
---|
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without an alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. |
STIG | Date |
---|---|
Symantec ProxySG NDM Security Technical Implementation Guide | 2019-12-20 |
Check Text ( C-93859r1_chk ) |
---|
Verify the Symantec ProxySG is configured to send alerts when event logging fails. 1. Log on to the Web Management Console. 2. Click Maintenance >> Events Logging. 3. Confirm that "Severe" is checked. 4. Select the "Mail" tab and confirm an email address of an administrator is entered. If Symantec ProxySG does not generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent, this is a finding. |
Fix Text (F-100787r1_fix) |
---|
Configure the ProxySG to send notifications. 1. Log on to the Web Management Console. 2. Click Maintenance >> Events Logging. 3. Select "Severe". 4. Select the "Mail" tab and enter the email address to receive the email alert. 5. Click "Apply". |