STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

Splunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.

DISA Rule

SV-221940r508660_rule

Vulnerability Number

V-221940

Group Title

SRG-APP-000291-AU-000200

Rule Version

SPLK-CL-000235

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This fix applies to Tier 2 CSSP or JRSS instances only.

Configure Splunk notifications and dashboards in accordance with designated SSPs, SOPs, and/or TTPs.

Check Contents

This check applies to Tier 2 CSSP or JRSS instances only.

Verify that notifications and dashboards are configured in accordance with designated SSPs, SOPs, and/or TTPs.

The absence of notifications and dashboards is a finding.

Documentable

False

Severity Override Guidance

This check applies to Tier 2 CSSP or JRSS instances only.

Verify that notifications and dashboards are configured in accordance with designated SSPs, SOPs, and/or TTPs.

The absence of notifications and dashboards is a finding.

Check Content Reference

M

Target Key

4082
