STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform must disable WMI probing if it is not used.

DISA Rule

SV-228838r557387_rule

Vulnerability Number

V-228838

Group Title

SRG-NET-000131-ALG-000085

Rule Version

PANW-AG-000036

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

To disable WMI probing if it is not used:
Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box.
If it is selected, select the "Edit" icon in the upper-right corner of the pane.
In the "Palo Alto Networks User ID Agent Setup" window, in the "Client Probing" tab, deselect the "Enable Probing" check box.

Check Contents

Ask the Administrator if User-ID uses WMI Probing; if it does, this is not a finding.

Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, this is a finding.

Vulnerability Number

V-228838

Documentable

False

Rule Version

PANW-AG-000036

Severity Override Guidance

Ask the Administrator if User-ID uses WMI Probing; if it does, this is not a finding.

Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, this is a finding.

Check Content Reference

M

Target Key

4233

Comments