STIGQter STIGQter: STIG Summary: Central Log Server Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

The Central Log Server must be configured to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

DISA Rule

SV-95897r1_rule

Vulnerability Number

V-81183

Group Title

SRG-APP-000516-AU-000350

Rule Version

SRG-APP-000516-AU-000350

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Central Log Server to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

Check Contents

Note: This is not applicable (NA) if the Central Log Server (e.g., syslog, SIEM) does not perform analysis. This is NA if notifications are performed by another device.

Examine the configuration.

Verify the Central Log Server is configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

If the Central Log Server is not configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage, this is a finding.

Vulnerability Number

V-81183

Documentable

False

Rule Version

SRG-APP-000516-AU-000350

Severity Override Guidance

Note: This is not applicable (NA) if the Central Log Server (e.g., syslog, SIEM) does not perform analysis. This is NA if notifications are performed by another device.

Examine the configuration.

Verify the Central Log Server is configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

If the Central Log Server is not configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage, this is a finding.

Check Content Reference

M

Target Key

3395

Comments