Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242185 | TIPP-IP-000190 | SV-242185r710345_rule | Medium |
Description |
---|
It is critical that when the TPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include: software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure. The TPS performs a critical security function, so its continued operation is imperative. Since availability of the TPS is an overriding concern, shutting down the system in the event of an audit failure should be avoided except as a last resort. The SYSLOG protocol does not support automated synchronization; however, this functionality may be provided by Network Management Systems (NMSs) which are not within the scope of this STIG. |
STIG | Date |
---|---|
Trend Micro TippingPoint IDPS Security Technical Implementation Guide | 2022-06-28 |
Check Text ( C-45460r710096_chk ) |
---|
1. In the Trend Micro SMS interface, go to the "Admin" tab, and select "Server Properties". 2. Select the "syslog" tab. If each syslog setting is not configured with TCP as the protocol, this is a finding. |
Fix Text (F-45418r710097_fix) |
---|
1. In the Trend Micro SMS interface, go to the "Admin" tab, and select "Server Properties". 2. Select the "syslog" tab. 3. Click "New". 4. Under syslog server type the hostname or IP address of the syslog server. 5. Click TCP to ensure logging data is queued in the case of disconnection of the syslog server. 6. Type the port used by the centralized logging server (traditionally it is port 514). 7. Under log type, select "Device Audit". 8. Under facility click "Log Audit". 9. Click Event timestamp under "Include Timestamp in Header". 10. Select "include SMS hostname in header". Repeat this three more times changing the Log Type to include Device System, SMS Audit, and SMS System. |