Dragos Platform must allocate audit record storage retention length.
Overview
Finding ID: V-271008
Version: DRAG-OT-001430
Rule ID: SV-271008r1057667_rule
IA Controls:
Severity: Medium
Description
To ensure applications have sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity.
The task of allocating audit record storage capacity is usually performed during initial installation of Dragos Platform and is closely associated with the database administrator (DBA) and system administrator (SA) roles. The DBA or SA will usually coordinate the allocation of physical drive space with the Dragos Platform owner/installer, and Dragos Platform will prompt the installer to provide the capacity information, the physical location of the disk, or both.
In the UI, navigate to Admin >> SiteStore Management >> Advanced Settings.
Review the System Security Plan (SSP).
Verify "Deleted Retention Days" and "Source Data Retention Days" are set in accordance with organization-defined audit record storage requirements. If not, this is a finding.
Fix Text (F-74952r1057666_fix)
In the UI, navigate to Admin >> SiteStore Management >> Advanced Settings.
Set "Deleted Retention Days" and "Source Data Retention Days" (length in days) in accordance with organization-defined audit record storage requirements.