Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242186 | TIPP-IP-000200 | SV-242186r710101_rule | Medium |
Description |
---|
It is critical that when the TPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure. The IDPS performs a critical security function, so its continued operation is imperative. Since availability of the TPS is an overriding concern, shutting down the system in the event of an audit failure should be avoided, except as a last resort. |
STIG | Date |
---|---|
Trend Micro TippingPoint IDPS Security Technical Implementation Guide | 2022-06-28 |
Check Text ( C-45461r710099_chk ) |
---|
1. In the Trend Micro SMS interface, go to the "Admin" tab, and select "Database". Each item in the database maintenance section has a configurable item to ensure when the newest logs will overwrite the oldest logs. This is configured through the number of rows: a. The Events log must be set to at least 30,000,000 rows, with an age of 90 days. b. The Audit Log must be set 1,000,000 rows and an age of 365 days. c. The Device Audit Log must be set 1,000,000 rows and an age of 365 days. d. The Device System Log must be set 1,000,000 rows and an age of 365 days. If these values are not set, this is a finding. |
Fix Text (F-45419r710100_fix) |
---|
1. In the Trend Micro SMS interface, go to the "Admin" tab, and select "Database". 2. Make the following changes: a. The Events log must be set to at least 30,000,000 rows, with an age of 90 days. b. The Audit Log must be set 1,000,000 rows and an age of 365 days. c. The Device Audit Log must be set 1,000,000 rows and an age of 365 days. d. The Device System Log must be set 1,000,000 rows and an age of 365 days. |