STIGQter: STIG Summary: Palo Alto Networks IDPS Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected.

DISA Rule

SV-207714r557390_rule

Vulnerability Number

V-207714

Group Title

SRG-NET-000392-IDPS-00218

Rule Version

PANW-IP-000055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a Server Profile for use with Log Forwarding Profile(s); if email is used, the ISSO and ISSM must be recipients.
Configure a Log Forwarding Profile; this is under Objects >> Log Forwarding.
Go to Policies >> DoS Protection.
Select "Add" to create a new policy or select the Name of the Policy to edit it.
In the "DoS Rule" window, complete the required fields.
In the "Option/Protection" tab, in the "Log Forwarding" field, select the configured Log Forwarding Profile.
Select "OK".
Commit changes by selecting "Commit" in the upper-right corner of the screen. Select "OK" when the confirmation dialog appears.

Check Contents

Ask the Administrator how the ISSO and ISSM are receiving alerts (E-mail, SNMP Trap, or Syslog).

View the configured Server Profile; if there is no Server Profile for the method explained, this is a finding.

View the Log Forwarding Profiles; this is under Objects >> Log Forwarding. Determine which Server Profile is associated with each Log Forwarding Profile.
Go to Policies >> DoS Protection.
If there are no DoS Protection Policies, this is a finding.

There may be more than one configured DoS Protection Policy.
If there is no such DoS Protection Policy, this is a finding.

In the "Log Forwarding" field, if there is no configured Log Forwarding Profile, this is a finding.
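
The same check can be run offline against an exported configuration file. The script below is an added example, not part of the STIG or of Palo Alto Networks documentation. It assumes the export uses the element names shown (`rulebase/dos/rules`, `log-setting`, `log-settings/profiles`, `send-email`, `send-snmptrap`, `send-syslog`); the sample configuration and every name in it are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. Element names are assumptions about the XML layout.
SAMPLE_CONFIG = """<config>
 <shared><log-settings><profiles>
  <entry name="fwd-isso-issm"><match-list><entry name="threat-all">
   <send-email><member>isso-issm-email</member></send-email>
  </entry></match-list></entry>
 </profiles></log-settings></shared>
 <devices><entry name="fw1"><vsys><entry name="vsys1"><rulebase><dos><rules>
  <entry name="dos-dmz"><log-setting>fwd-isso-issm</log-setting></entry>
  <entry name="dos-guest"/>
  <entry name="dos-lab"><log-setting>old-profile</log-setting></entry>
 </rules></dos></rulebase></entry></vsys></entry></devices>
</config>"""

SEND_TAGS = ("send-email", "send-snmptrap", "send-syslog")


def audit_dos_log_forwarding(xml_text):
    """Return (findings, destinations) for the DoS Protection check.

    findings: (rule, reason) pairs for the conditions the check calls a finding.
    destinations: rule -> Server Profiles reached through its Log Forwarding
    Profile, to compare with how the ISSO and ISSM say they receive alerts.
    """
    root = ET.fromstring(xml_text)
    # Map every Log Forwarding Profile to the Server Profiles it sends to.
    profiles = {}
    for prof in root.findall(".//log-settings/profiles/entry"):
        profiles[prof.get("name")] = [
            m.text for tag in SEND_TAGS for m in prof.findall(f".//{tag}/member")
        ]
    rules = root.findall(".//rulebase/dos/rules/entry")
    if not rules:
        return [(None, "no DoS Protection policies configured")], {}
    findings, destinations = [], {}
    for rule in rules:
        profile = (rule.findtext("log-setting") or "").strip()
        if not profile:
            findings.append((rule.get("name"), "no Log Forwarding Profile selected"))
        else:
            # An empty list means the profile is undefined or sends nowhere.
            destinations[rule.get("name")] = profiles.get(profile, [])
    return findings, destinations


if __name__ == "__main__":
    print(audit_dos_log_forwarding(SAMPLE_CONFIG))
```

A rule that appears in `destinations` with an empty list still needs manual review, because its Log Forwarding Profile does not lead to any Server Profile.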

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2927
