STIGQter STIGQter: STIG Summary: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide Version: 2 Release: 6 Benchmark Date: 24 Jul 2020:

The IDPS must produce audit records containing sufficient information to establish what type of event occurred, including, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, and criticality level/alert code or description.

DISA Rule

SV-45382r2_rule

Vulnerability Number

V-34540

Group Title

SRG-NET-000074-IDPS-00059

Rule Version

SRG-NET-000074-IDPS-00059

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the IDPS components to ensure entries sent to the audit log include sufficient information to determine the type or category for each audit event recorded in the audit log, including, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, and criticality level/alert code or description.

Check Contents

Verify the entries sent to the audit log include, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, criticality level/alert code or description.

If the audit log event records does not include, at a minimum, event descriptions, policy filter, rule signature invoked, port, protocol, and criticality level/alert code or description, this is a finding.

Vulnerability Number

V-34540

Documentable

False

Rule Version

SRG-NET-000074-IDPS-00059

Severity Override Guidance

Verify the entries sent to the audit log include, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, criticality level/alert code or description.

If the audit log event records does not include, at a minimum, event descriptions, policy filter, rule signature invoked, port, protocol, and criticality level/alert code or description, this is a finding.

Check Content Reference

M

Target Key

2358

Comments