STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.

DISA Rule

SV-104499r1_rule

Vulnerability Number

V-94669

Group Title

SRG-APP-000360-NDM-000295

Rule Version

SYMP-NM-000090

Severity

CAT III

CCI(s)

CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

Fix Recommendation

Configure the ProxySG to send notifications.

1. Log on to the Web Management Console.
2. Click Maintenance >> Events Logging.
3. Select "Severe".
4. Select the "Mail" tab and enter the email address to receive the email alert.
5. Click "Apply".

Check Contents

Verify the Symantec ProxySG is configured to send alerts when event logging fails.

1. Log on to the Web Management Console.
2. Click Maintenance >> Events Logging.
3. Confirm that "Severe" is checked.
4. Select the "Mail" tab and confirm an email address of an administrator is entered.

If Symantec ProxySG does not generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent, this is a finding.

Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments