Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-65899 | TMDS-00-000120 | SV-80389r1_rule | Medium |
Description |
---|
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. |
STIG | Date |
---|---|
Trend Micro Deep Security 9.x Security Technical Implementation Guide | 2016-02-26 |
Check Text ( C-66547r1_chk ) |
---|
Review the Trend Deep Security server configuration to ensure audit records are backed up at least every seven days onto a different system or system component than the system or component being audited. Verify the application backup frequency by reviewing the configuration settings in Administration >> System Settings >> SIEM If the "Forward System Events to a remote computer (via Syslog)" is not enabled with the proper configuration settings, this is a finding. |
Fix Text (F-71975r2_fix) |
---|
Configure the Trend Deep Security server to back up audit records at least every seven days onto a different system or system component than the system or component being audited. Configure the application to forward audit records to a log management tool for backup and storage. Go to Administration >> System Settings >> SIEM Enable "Forward System Events to a remote computer (via Syslog)" Configure the following: Hostname or IP address to which events should be sent UDP port to which events should be sent Syslog Facility Syslog Format |