STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017:

The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise.

DISA Rule

SV-80915r1_rule

Vulnerability Number

V-66425

Group Title

SRG-NET-000392-IDPS-00214

Rule Version

JUSX-IP-000023

Severity

CAT II

CCI(s)

• CCI-002664 - The information system alerts organization-defined personnel or roles when organization-defined compromise indicators reflect the occurrence of a compromise or a potential compromise.

Weight

10

Fix Recommendation

Create a custom rule that identifies the Junos application which is prohibited on the network.

Add the option "alert" onto the rule to send an alert when that rule is invoked. Alerts should be sent only on critical and other site-selected items to prevent an excess of alerts.

[edit]
set security idp idp-policy recommended rulebase-ips rule-1 then notification log-attacks alert

Check Contents

Verify an attack group or rule is configured.

[edit]
show security idp policies

If an attack group or rule is not implemented to detect root-level intrusion attacks or the match condition is not configured for an alert, this is a finding.

Vulnerability Number

V-66425

Documentable

False

Rule Version

JUSX-IP-000023

Severity Override Guidance

Verify an attack group or rule is configured.

[edit]
show security idp policies

If an attack group or rule is not implemented to detect root-level intrusion attacks or the match condition is not configured for an alert, this is a finding.

Check Content Reference

M

Target Key

3037

Comments