CCI-000158
Provide the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records.
7 rules found Severity: Medium
2 rules found Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1 rule found Severity: Medium
Nutanix AOS must provide the capability to centrally review and analyze audit records from multiple components within the system.
1 rule found Severity: Medium
The Tanium Connect module must be configured to forward Tanium IOC Detect events to identified destinations.
1 rule found Severity: Medium
The Tanium Connect module must be configured to forward Tanium Detect events to identified destinations.
1 rule found Severity: Medium
The Tanium applications must provide the capability to filter audit records for events of interest based upon organization-defined criteria.
2 rules found Severity: Medium
The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
2 rules found Severity: Medium
AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.
1 rule found Severity: Medium
SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium
The Tanium applications must be configured to filter audit records for events of interest based on organization-defined criteria.
1 rule found Severity: Medium
The application must provide the capability to filter audit records for events of interest based upon organization-defined criteria.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
1 rule found Severity: Medium
The Central Log Server must be configured to perform on-demand filtering of the log records for events of interest based on organization-defined criteria.
1 rule found Severity: Low
The Central Log Server must be configured to perform on-demand sorting of log records for events of interest based on the content of organization-defined audit fields within log records.
1 rule found Severity: Low
The Central Log Server must be configured to perform on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records.
1 rule found Severity: Low
The operating system must provide the capability to filter audit records for events of interest based upon all audit fields within audit records.
1 rule found Severity: Medium
The Mainframe Products must provide the capability to filter audit records for events of interest as defined in site security plan.
1 rule found Severity: Medium
OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium
SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
2 rules found Severity: Medium
The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.
2 rules found Severity: Medium