STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.

DISA Rule

SV-230943r615886_rule

Vulnerability Number

V-230943

Group Title

SRG-APP-000515-NDM-000325

Rule Version

FORE-NM-000150

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the syslog.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click "Add".
4. Enter the IP address of the site's centralized syslog.
5. Check "Use TLS".
6. Configure OCSP, Identity, Facility, and Severity as required by the SSP.

Check Contents

Verify the syslog.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click the IP address of the site's centralized syslog server.
4. Verify "Use TLS" is checked.
5. Verify OCSP, Identity, Facility, and Severity, as required by the SSP, are configured.

If the site's syslog server is not configured or if it is not configured to use TLS and OCSP, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5245

Comments