STIGQter STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

Kona Site Defender providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur.

DISA Rule

SV-91141r1_rule

Vulnerability Number

V-76445

Group Title

SRG-NET-000392-ALG-000141

Rule Version

AKSD-WF-000034

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur:

1. Log in to the Akamai Luna Portal (Caution-https://control.akamai.com).
2. Click the "Monitor" tab.
3. Under the "Security" section select "Security Monitor".
4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside)
5. Click the "Configure Notification" button shaped like a plus sign.
6. Click the "Add Notification" button shaped like a plus sign.
7. Click the "Show Advanced View" link.
8. Set the "Notification Name" to "WAF Activity Mitigated"
9. Enter a more detailed description in the “Description” text box.
10. Set the priority to "high".
11. In the "Notify When:" section, set "Mitigated" to greater than (>) 1.
12. Set the “Apply Filter:” dropdowns to “Host Name” and “Contains”, and enter the applicable host name in the text box.
13. Set "During:" to "1 Minute".
14. Set "Notify After:" to "1" occurrences.
15. Select the "Host Name" check box in the "For:" area.
16. Add the ISSO and ISSM emails to the "Email to:" field.
17. Click the “Save” button.

Check Contents

Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur:

1. Log in to the Akamai Luna Portal (Caution-https://control.akamai.com).
2. Click the "Monitor" tab.
3. Under the "Security" section select "Security Monitor".
4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside)
5. Click the "Configure Notification" button shaped like a plus sign.
6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1".

If the alerts are not being sent, this is a finding.

Vulnerability Number

V-76445

Documentable

False

Rule Version

AKSD-WF-000034

Severity Override Guidance

Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur:

1. Log in to the Akamai Luna Portal (Caution-https://control.akamai.com).
2. Click the "Monitor" tab.
3. Under the "Security" section select "Security Monitor".
4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside)
5. Click the "Configure Notification" button shaped like a plus sign.
6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1".

If the alerts are not being sent, this is a finding.

Check Content Reference

M

Target Key

3165

Comments