Free DISA STIG and SRG Library | Vaulted

V-55335

The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.

Finding ID: SRG-NET-000091-IDPS-00193
Rule ID: SV-69581r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-NET-000091-IDPS-00193
CCI: CCI-000154
Target Key: (None)
Documentable: No
Discussion

Centralized review and analysis of log records from multiple IDPS components gives the organization the capability to better detect distributed attacks and provides increased data points for behavior analysis techniques. These techniques are invaluable in monitoring for indicators of complex attack patterns. To support the centralized analysis capability, the IDPS components must be able to provide the information in a format (e.g., Syslog) that can be extracted and used, allowing the application to effectively review and analyze the log records.
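The requirement turns on what "a format that can be extracted" means in practice. The example below is added here and is not part of the SRG or any DISA material: it parses RFC 5424 syslog lines as a centralized analysis tool would, pulling the alert fields out of the structured-data block, and rejects a free-text line that a human can read but a tool cannot reliably field. The sample lines are constructed; the app name `idps` and the SD-ID `alert@32473` are assumptions (32473 is the private enterprise number RFC 5424 reserves for documentation), not values from any real product.

```python
import re
from dataclasses import dataclass, field

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then
# STRUCTURED-DATA (or "-") and an optional free-text MSG.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$"
)
# One SD-ELEMENT: [SD-ID PARAM-NAME="PARAM-VALUE" ...]; the value may contain
# backslash-escaped '"', '\' and ']' per RFC 5424, so '\\.' keeps those inside.
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]="]+)(?P<params>(?:[^\]\\]|\\.)*)\]')
SD_PARAM_RE = re.compile(r'(?P<key>[^\s=]+)="(?P<value>(?:[^"\\]|\\.)*)"')

# Constructed sample input: one structured IDPS alert, one legacy free-text alert.
SAMPLE_LINES = [
    '<134>1 2024-05-01T12:00:00.000Z ids01.example.net idps 4321 ALERT '
    '[alert@32473 sid="1000001" src="10.0.0.5" dst="10.0.0.9" proto="TCP" '
    'desc="sample \\"quoted\\" \\] text"] Signature matched',
    'May  1 12:00:00 ids01 idps: alert from 10.0.0.5 to 10.0.0.9 signature 1000001',
]


@dataclass
class SyslogRecord:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    appname: str
    msgid: str
    sd: dict = field(default_factory=dict)  # {SD-ID: {param: value}}
    msg: str = ""


def _unescape(value: str) -> str:
    # Reverse RFC 5424 PARAM-VALUE escaping: "\x" -> "x" for any x.
    return re.sub(r"\\(.)", r"\1", value)


def parse_rfc5424(line: str) -> SyslogRecord:
    """Parse one RFC 5424 line; raise ValueError if it is not in that format."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    pri = int(m.group("pri"))
    rest = m.group("rest")
    sd: dict = {}
    if rest.startswith("-"):          # NILVALUE: no structured data present
        msg = rest[1:].lstrip()
    else:
        pos = 0
        while pos < len(rest) and rest[pos] == "[":
            em = SD_ELEMENT_RE.match(rest, pos)
            if not em:
                raise ValueError("malformed structured data")
            params = {pm.group("key"): _unescape(pm.group("value"))
                      for pm in SD_PARAM_RE.finditer(em.group("params"))}
            sd[em.group("id")] = params
            pos = em.end()
        msg = rest[pos:].lstrip()
    return SyslogRecord(facility=pri // 8, severity=pri % 8,
                        timestamp=m.group("timestamp"), hostname=m.group("hostname"),
                        appname=m.group("appname"), msgid=m.group("msgid"),
                        sd=sd, msg=msg)


def extract_alert_fields(line: str):
    """Flatten a structured alert into the key/value fields a SIEM would index.
    Returns None when the line cannot be parsed or carries no structured data."""
    try:
        rec = parse_rfc5424(line)
    except ValueError:
        return None
    if not rec.sd:
        return None
    fields = {"timestamp": rec.timestamp, "host": rec.hostname, "app": rec.appname,
              "facility": rec.facility, "severity": rec.severity,
              "msgid": rec.msgid, "msg": rec.msg}
    for sd_id, params in rec.sd.items():
        for key, value in params.items():
            fields[f"{sd_id}.{key}"] = value
    return fields


def triage(lines):
    """Split a batch into extractable records and a count of rejected lines."""
    extracted, rejected = [], 0
    for line in lines:
        fields = extract_alert_fields(line)
        if fields is None:
            rejected += 1
        else:
            extracted.append(fields)
    return extracted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_LINES)
    for rec in ok:
        print(rec)
    print(f"rejected {bad} non-extractable line(s)")
```

Running the block shows the first line becoming a flat dictionary with keys such as `alert@32473.src`, while the second line is counted as rejected even though it carries the same information: a central tool cannot field it without a product-specific parser, which is the gap this requirement exists to close.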

Fix Text

Configure the IDPS to provide log information in a format that can be extracted and used by centralized analysis tools.

Check Content

Verify the IDPS provides log information in a format that can be extracted and used by centralized analysis tools. If the IDPS does not provide log information in a format that can be extracted and used by centralized analysis tools, this is a finding.