STIGQter: STIG Summary: DBN-6300 IDPS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

The DBN-6300 must generate log events for detection events based on anomaly analysis.

DISA Rule

SV-79493r1_rule

Vulnerability Number

V-65003

Group Title

SRG-NET-000113-IDPS-00013

Rule Version

DBNW-IP-000012

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the DBN-6300 to be connected to the syslog server.

Navigate to Settings >> Advanced >> Syslog.

Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable".

Click on "Commit".

Check Contents

Verify the DBN-6300 is connected to the syslog server.

Navigate to Settings >> Advanced >> Syslog.

Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected.

If the DBN-6300 is not connected to the syslog server, or if the syslog server is connected when an event/alert occurs and this event does not appear in the syslog server, this is a finding.

Vulnerability Number

V-65003

Documentable

False

Rule Version

DBNW-IP-000012

Severity Override Guidance

Verify the DBN-6300 is connected to the syslog server.

Navigate to Settings >> Advanced >> Syslog.

Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected.

If the DBN-6300 is not connected to the syslog server, or if the syslog server is connected when an event/alert occurs and this event does not appear in the syslog server, this is a finding.

Check Content Reference

M

Target Key

2949

Comments