STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.

DISA Rule

SV-104215r1_rule

Vulnerability Number

V-94261

Group Title

SRG-NET-000335-ALG-000053

Rule Version

SYMP-AG-000230

Severity

CAT II

CCI(s)

• CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

10

Fix Recommendation

Configure the ProxySG to send real-time alerts via SMTP and SNMP.

1. Log on to the Web Management Console.
2. Browse to Maintenance >> SNMP.
3. Check the "Enable SNMPv3" box.
4. Click the SNMPv3 Users and SNMPv3 Traps tabs and configure per organizational specifications.
5. Browse to "Event Logging".
6. Click "Mail" and check the "Send Event Logs" box.
7. Click "New" and add all desired recipients to the "Names" list.
8. Enter the correct SMTP server and port into the proper fields.
9. Click "Apply".

For more information, see the ProxySG Administration Guide, Chapter 75: Monitoring the Appliance.

Check Contents

Verify that the ProxySG is configured to send real-time alerts via SMTP and SNMP.

1. Log on to the Web Management Console.
2. Browse to Maintenance >> SNMP.
3. Verify that SNMP is enabled and configured.
4. Browse to "Event Logging".
5. Click "Mail" and verify that "Send Event Logs" is enabled and recipients are specified in the "Names" list and an SMTP server is specified.

If Symantec ProxySG does not provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server, this is a finding.

Vulnerability Number

V-94261

Documentable

False

Rule Version

SYMP-AG-000230

Severity Override Guidance

Verify that the ProxySG is configured to send real-time alerts via SMTP and SNMP.

1. Log on to the Web Management Console.
2. Browse to Maintenance >> SNMP.
3. Verify that SNMP is enabled and configured.
4. Browse to "Event Logging".
5. Click "Mail" and verify that "Send Event Logs" is enabled and recipients are specified in the "Names" list and an SMTP server is specified.

If Symantec ProxySG does not provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server, this is a finding.

Check Content Reference

M

Target Key

3515

Comments