STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.

DISA Rule

SV-221612r508660_rule

Vulnerability Number

V-221612

Group Title

SRG-APP-000125-AU-000300

Rule Version

SPLK-CL-000105

Severity

CAT III

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Implement a backup plan for the Splunk log data, following the Splunk documentation on backing up indexed data. Use the underlying OS backup tools, or another approved backup tool.

Check Contents

Interview the SA to verify that a process exists to back up the Splunk log data every seven days, using the underlying OS backup tools, or another approved backup tool.

If a backup plan does not exist for the Splunk log data, this is a finding.

Vulnerability Number

V-221612

Documentable

False

Rule Version

SPLK-CL-000105

Severity Override Guidance

Interview the SA to verify that a process exists to back up the Splunk log data every seven days, using the underlying OS backup tools, or another approved backup tool.

If a backup plan does not exist for the Splunk log data, this is a finding.

Check Content Reference

M

Target Key

4082

Comments