SV-77261r1_rule
V-62771
SRG-APP-000516-NDM-000333
PANW-NM-000131
CAT II
10
For SNMP traps, follow these steps:
Configure the SNMP Trap Destinations; go to
Device >> Server Profiles >> SNMP Trap
Select "Add".
In the "SNMP Trap Server Profile" window, enter the required information.
For SNMP Version, select "V3".
Enter the name of the SNMP Server Profile.
Select "Add".
Server—Specify the SNMP trap destination name (up to 31 characters).
Manager—Specify the IP address of the trap destination.
User—Specify the SNMP user.
EngineID—Specify the engine ID of the firewall. The input is a string in hexadecimal representation. The engine ID is between 5 and 64 bytes long. When represented as a hexadecimal string, this is between 10 and 128 characters (2 characters for each byte), plus two additional characters for the "0x" prefix that must be used in the input string.
Auth Password—Specify the user’s authentication password (minimum 8 characters, maximum of 256 characters, and no character restrictions). Only Secure Hash Algorithm (SHA) is supported.
Priv Password—Specify the user’s encryption password (minimum 8 characters, maximum of 256 characters, and no character restrictions). Only Advanced Encryption Standard (AES) is supported.
Select "OK".
Configure the generation of traps for "Threat" events; go to
Objects >> Log Forwarding
Select "Add".
In the "Log Forwarding Profile" window, enter the required information.
Enter the name of the Log Forwarding Profile.
In the "Threat Settings" section, in the "SNMP Trap" field for each Severity, select the SNMP Trap Server Profile.
Select "OK".
Add the Log Forwarding Profile to the security policies to trigger log forwarding to the SNMP server.
Go to Policies >> Security
Select the rule to which log forwarding needs to be applied. Apply the security profiles to the rule.
Go to "Actions" (tab); in the "Log forwarding" field, select the "log forwarding" profile.
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.
Note: The actual method is determined by the organization.
Review the system/network documentation to determine who the Points of Contact are and which methods are being used.
If the selected method is SNMP, verify that the device is configured accordingly.
Go to Device >> Server Profiles
If no SNMP servers are configured, this is a finding.
Go to Objects >> Log Forwarding
If no Log Forwarding Profile is listed, this is a finding.
If the "Log Type" column does not include "Threat", this is a finding.
If any Severity is not listed, this is a finding.
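The following Python script is an added example, not part of the STIG text and not Palo Alto Networks code. It encodes the constraints the fix text places on an SNMPv3 Trap Server Profile (version V3, server name up to 31 characters, engine ID as 0x plus 10 to 128 hex characters covering whole bytes, passwords of 8 to 256 characters) and applies the check text's findings logic to a description of the Log Forwarding Profiles (no profile listed, Threat log type missing, a severity without a trap profile). The class and function names, the five threat severity labels, and all sample values are assumptions constructed for illustration; the script does not talk to a firewall, it validates configuration data you supply before committing it.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Threat severities that the Log Forwarding Profile must cover. This list is an
# assumption matching the severity levels shown for PAN-OS threat logs.
THREAT_SEVERITIES = ("critical", "high", "medium", "low", "informational")

# "0x" prefix, then whole bytes: 5 to 64 bytes = 10 to 128 hex characters.
ENGINE_ID_RE = re.compile(r"^0x(?:[0-9A-Fa-f]{2}){5,64}$")


@dataclass
class SnmpTrapProfile:
    """Fields from the SNMP Trap Server Profile dialog (field names are illustrative)."""
    name: str
    version: str
    server: str
    manager: str
    user: str
    engine_id: str
    auth_password: str
    priv_password: str


def validate_trap_profile(p: SnmpTrapProfile) -> List[str]:
    """Return the list of constraint violations; an empty list means the profile is acceptable."""
    problems: List[str] = []
    if p.version.upper() != "V3":
        problems.append("version must be V3 so traps are authenticated and encrypted")
    if not 1 <= len(p.server) <= 31:
        problems.append("server name must be 1 to 31 characters")
    if not ENGINE_ID_RE.match(p.engine_id):
        problems.append("engine ID must be 0x followed by 10 to 128 hex characters (5 to 64 whole bytes)")
    for label, pw in (("auth", p.auth_password), ("priv", p.priv_password)):
        if not 8 <= len(pw) <= 256:
            problems.append(f"{label} password must be 8 to 256 characters")
    return problems


def check_log_forwarding(profiles: Dict[str, Dict[str, Optional[str]]]) -> List[str]:
    """Apply the check text to a description of the Log Forwarding Profiles.

    `profiles` maps each profile name to its Threat Settings: severity -> SNMP Trap
    Server Profile name, or None when the SNMP Trap field is empty. An empty
    Threat Settings mapping means the profile's Log Type does not include Threat.
    Returns the findings; an empty list means no finding.
    """
    if not profiles:
        return ["no Log Forwarding Profile is listed"]
    findings: List[str] = []
    for name, threat_settings in profiles.items():
        if not threat_settings:
            findings.append(f"{name}: Log Type does not include Threat")
            continue
        for sev in THREAT_SEVERITIES:
            if not threat_settings.get(sev):
                findings.append(f"{name}: severity {sev} has no SNMP Trap Server Profile")
    return findings


# Constructed sample values (documentation IP range, placeholder passwords).
GOOD_PROFILE = SnmpTrapProfile(
    name="STIG-Traps", version="V3", server="trap-collector", manager="192.0.2.10",
    user="stig-monitor", engine_id="0x8000000903000a0b0c0d0e0f",
    auth_password="Example-Auth-Password-01", priv_password="Example-Priv-Password-01",
)

if __name__ == "__main__":
    print("trap profile problems:", validate_trap_profile(GOOD_PROFILE))
    print("findings:", check_log_forwarding(
        {"Threat-Traps": {s: "STIG-Traps" for s in THREAT_SEVERITIES}}))
```

The engine ID pattern deliberately requires an even number of hex digits so that a half byte is rejected rather than silently padded, and the version check is the one that carries the security weight: only V3 gives the trap stream SHA authentication and AES encryption as the fix text requires.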
V-62771
False
PANW-NM-000131
M
2811