STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 10 May 2018

The Bromium Enterprise Controller (BEC) must be configured to provide report generation that supports after-the-fact investigations of security incidents.

DISA Rule

SV-95163r1_rule

Vulnerability Number

V-80459

Group Title

SRG-APP-000368

Rule Version

BROM-00-000825

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

From the management console, navigate to the "Threats" menu.

1. Select the security incident in question. View all after-the-fact information.
2. Click "Generate Report" to create a report in Security Threat Information Exchange (STIX) or Malware Attribution Enumeration and Characterization (MAEC) format.
3. Click "Threat Information" to export security incident-related information such as file hashes and IP addresses (in ".csv" format).

Check Contents

Examine the site System Security Plan (SSP) or other documentation. Verify there is a documented procedure for when security incident reports need to be exported.

If a procedure for providing report generation that supports after-the-fact investigations of security incidents has not been documented, this is a finding.

Documentable

False

Severity Override Guidance

Examine the site System Security Plan (SSP) or other documentation. Verify there is a documented procedure for when security incident reports need to be exported.

If a procedure for providing report generation that supports after-the-fact investigations of security incidents has not been documented, this is a finding.

Check Content Reference

M

Target Key

3375

Comments