SV-80491r1_rule
V-66001
SRG-APP-000471
TMDS-00-000345
CAT II
10
Configure the Trend Deep Security server to alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
Configure Events and Alerts to notify the SA and ISSO using the Administration >> System Settings >> Alerts tab. Insert a distribution email address into the “Alert Event Forwarding (From The Manager).” The distribution email address must be configured within Exchange or other email server and must be associated with the SA and ISSO accounts reviewing and/or managing the system.
Enable Intrusion Prevention by selecting the “Computers” tab from the top menu and double-clicking the computer that is to be configured from the list. Click Intrusion Prevention >> General. Select “On” under “Configuration”.
Enable Alerts by selecting a rule from the “Assigned Intrusion Prevention Rules” and double-clicking it to bring up the properties. Select the “Options” tab and set the “Alert” tab to “On”.
Review the Trend Deep Security server configuration to ensure the ISSO, ISSM, and other individuals designated by the local organization are alerted when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
1. Analyze the system using the Administration >> System Settings >> Alerts tab.
Review the email address listed in the “Alert Event Forwarding (From The Manager).”
If this email address is not present or does not belong to a distribution group for system administrators and ISSOs, this is a finding.
2. Select Computers from the top menu and double-click any computer in the “Computers” window. Click the “Intrusion Prevention” option and review the Configuration setting under the “General” tab.
If “Intrusion Prevention” is set to “Off”, this is a finding.
3. Select a rule from the “Assigned Intrusion Prevention Rules” and double-click it to bring up the properties. Click “Options” and verify that the “Alert” tab is set to “On”.
If “Alert” is set to “Off”, this is a finding.
V-66001
False
TMDS-00-000345
M
2955