The DataPower Gateway providing user access control intermediary services must provide the capability for authorized users to capture, record, and log all content related to a selected user session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-65305 | WSDP-AG-000120 | SV-79795r1_rule | CCI-001462 | medium |
| Description | ||||
| Without the capability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. The intent of this requirement is to ensure the capability to select specific sessions to capture is available in order to support general auditing/incident investigation, or to validate suspected misuse by a specific user. Examples of session events that may be captured include, port mirroring, tracking websites visited, and recording information and/or file transfers. | ||||
| STIG | Date | |||
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 | |||
Details
Check Text (C-79795r1_chk)
From the WebGUI Control Panel, click on Troubleshooting >> Click on the Debug Probe tab. Verify that the desired service type and service instance has an active Probe track transaction information for that service instance.
From the WebGUI, go to Objects >> Logging Configuration>> Log Target. Verify the desired filters, triggers, subscriptions, and log destination.
If these items have not been configured, this is a finding.
Fix Text (F-71245r1_fix)
From the WebGUI Control Panel, click on Troubleshooting >> Click on the Debug Probe tab >> Select a desired service type and service instance >> Click on Add Probe to begin tracking transaction information for that service instance.
From the WebGUI, go to Objects >> Logging Configuration >> Log Target. Configure the desired filters, triggers, subscriptions, and log destination.