STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018:

The Bromium Enterprise Controller (BEC) must send log records to a central log server (i.e., syslog server).

DISA Rule

SV-95153r1_rule

Vulnerability Number

V-80449

Group Title

SRG-APP-000356

Rule Version

BROM-00-000760

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Configure the BEC to automatically forward events to the desired syslog destination.

1. From the management console, click on the selection arrow next to "Events".
2. Click on "Destinations".
3. Click on "Add Syslog Destination".
4. Configure syslog server parameters and select severity levels to forward.
5. Click "Save ".

Additional syslog destinations may be configured for forwarding events to multiple destinations simultaneously.

Check Contents

Verify that a syslog destination is configured on the BEC server.

1. From the management console, click the selection arrow next to "Events".
2. Click "Destinations".
3. Inspect the list of configured syslog destinations.

If the BEC does not automatically forward events to a syslog destination, this is a finding.

Vulnerability Number

V-80449

Documentable

False

Rule Version

BROM-00-000760

Severity Override Guidance

Verify that a syslog destination is configured on the BEC server.

1. From the management console, click the selection arrow next to "Events".
2. Click "Destinations".
3. Inspect the list of configured syslog destinations.

If the BEC does not automatically forward events to a syslog destination, this is a finding.

Check Content Reference

M

Target Key

3375

Comments