STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 28 Jul 2017

The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected.

DISA Rule

SV-80919r1_rule

Vulnerability Number

V-66429

Group Title

SRG-NET-000392-IDPS-00218

Rule Version

JUSX-IP-000025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure alarms for IDP attacks under the [edit security alarms potential-violation] configuration hierarchy.

Add the "alert" option to the rule's notification action so that an alert is raised whenever that rule fires. To prevent an excess of alerts, enable it only on critical and other site-selected rules.

[edit]
set security idp idp-policy recommended rulebase-ips rule rule-1 then notification log-attacks alert
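A fuller configuration in Junos set syntax, added here as an illustration of the fix and not part of the STIG text or of any Juniper-supplied template. The policy name "recommended" is taken from the fix; the rule names, zone names, the predefined attack-group names, and the syslog collector address 192.0.2.10 are assumptions chosen for the example.

```junos
## Added example (not from the STIG). Rule names, zones, attack-group names and
## the collector address 192.0.2.10 are illustrative assumptions.

## 1. Raise a potential-violation alarm whenever the IDP engine reports an attack.
##    This is the [edit security alarms potential-violation] setting the fix refers to.
set security alarms potential-violation idp

## 2. IDP policy. Only the rule matching critical signatures carries "alert",
##    so routine detections are still logged without flooding the ISSO/ISSM.
set security idp idp-policy recommended rulebase-ips rule critical-attacks match from-zone any to-zone any
set security idp idp-policy recommended rulebase-ips rule critical-attacks match application default
set security idp idp-policy recommended rulebase-ips rule critical-attacks match attacks predefined-attack-groups "Critical - All"
set security idp idp-policy recommended rulebase-ips rule critical-attacks then action drop-connection
set security idp idp-policy recommended rulebase-ips rule critical-attacks then notification log-attacks alert
set security idp idp-policy recommended rulebase-ips rule critical-attacks then severity critical

## Lower-severity signatures: logged, but no alert (site selection, per the fix text).
set security idp idp-policy recommended rulebase-ips rule other-attacks match from-zone any to-zone any
set security idp idp-policy recommended rulebase-ips rule other-attacks match application default
set security idp idp-policy recommended rulebase-ips rule other-attacks match attacks predefined-attack-groups "Major - All"
set security idp idp-policy recommended rulebase-ips rule other-attacks then action recommended
set security idp idp-policy recommended rulebase-ips rule other-attacks then notification log-attacks

## 3. Activate the policy and apply IDP inspection to the transit traffic it should cover.
set security idp active-policy recommended
set security policies from-zone untrust to-zone trust policy inspect-inbound match source-address any
set security policies from-zone untrust to-zone trust policy inspect-inbound match destination-address any
set security policies from-zone untrust to-zone trust policy inspect-inbound match application any
set security policies from-zone untrust to-zone trust policy inspect-inbound then permit application-services idp

## 4. Ship attack logs and alarm messages off-box so the alert actually reaches the
##    ISSO/ISSM's monitoring system (collector 192.0.2.10 is assumed).
set security log mode stream
set security log format sd-syslog
set security log source-address 192.0.2.1
set security log stream siem category all
set security log stream siem host 192.0.2.10
set security log stream siem host port 514
set system syslog host 192.0.2.10 any notice
```

After `commit`, the check in this STIG is satisfied from configuration mode: `show security alarms potential-violation` should display `idp;`, and `show security idp idp-policy recommended rulebase-ips rule critical-attacks then notification` should display `log-attacks { alert; }`. The alarm alone only lights the device's alarm state; without the syslog forwarding in step 4 (or an equivalent SNMP trap destination) the ISSO and ISSM are not actually notified, which is the substance of the requirement.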

Check Contents

Verify alerts are configured to implement this requirement.

[edit]
show security alarms potential-violation

If alerts are not configured to notify the ISSO and ISSM of potential-violation IDP events, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3037

Comments