STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.

DISA Rule

SV-224199r508023_rule

Vulnerability Number

V-224199

Group Title

SRG-APP-000360-DB-000320

Rule Version

EP11-00-008100

Severity

CAT II

CCI(s)

• CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

10

Fix Recommendation

Install PEM (or similar tool) and configure a probe to monitor "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching capacity.

(The default path for the postgresql data directory is C:\Program Files\edb\as<version>\data, but this will vary according to local circumstances.)

Example steps for creating a probe are below, using the thin client (browser) PEM interface. Refer also to the Supplemental Procedures document, supplied with this STIG.

Open the PEM web console in a browser.
- Log in.
- Click on the agent for the machine to be monitored.
- Select "Management | Probe Configuration".
- Select "Disk Space" and set the check interval as you like.
- Select "Management | Alerting".
- Name the definition "Audit Log Full".
- Select Template "Disk Consumption Percentage".
- Set Frequency, Comparison Operator, and Thresholds (1 minute, >, 90/95/98 for example).
- Enter the Location for the audit log.
- Click Notification tab.
- Click Email all alerts.
- Click Add/Change to save, click "OK" to exit dialog box.

Check Contents

If Postgres Enterprise Manager (PEM) or another similar monitoring capability is not installed and configured to probe storage volume utilization of "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching capacity, this is a finding.

(The default path for the postgresql data directory is C:\Program Files\edb\as<version>\data, but this will vary according to local circumstances.)

Vulnerability Number

V-224199

Documentable

False

Rule Version

EP11-00-008100

Severity Override Guidance

If Postgres Enterprise Manager (PEM) or another similar monitoring capability is not installed and configured to probe storage volume utilization of "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching capacity, this is a finding.

(The default path for the postgresql data directory is C:\Program Files\edb\as<version>\data, but this will vary according to local circumstances.)

Check Content Reference

M

Target Key

4107

Comments