CCI-001851
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.
31 rules found Severity: Medium
14 rules found Severity: Medium
1 rule found Severity: Low
The A10 Networks ADC must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Low
The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time.
1 rule found Severity: Medium
The BlackBerry UEM server must be configured to transfer BlackBerry UEM server logs to another server for storage, analysis, and reporting. Note: BlackBerry UEM server logs include logs of MDM events and logs transferred to the BlackBerry UEM server by MDM agents of managed devices.
1 rule found Severity: Medium
The CA API Gateway must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Low
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1 rule found Severity: Medium
All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM).
1 rule found Severity: Medium
The FortiGate device must off-load audit records on to a different system or media than the system being audited.
1 rule found Severity: Medium
The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The HP FlexFabric Switch must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The HYCU server must be configured to conduct backups of system-level information when changes occur and to offload audit records onto a different system or media.
1 rule found Severity: Medium
The DataPower Gateway must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Low
The MQ Appliance messaging server must off-load log records onto a different system or media from the system being logged.
1 rule found Severity: Medium
The MQ Appliance messaging server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
1 rule found Severity: Medium
DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
The MaaS360 MDM server must be configured to transfer MaaS360 MDM server logs to another server for storage, analysis, and reporting. Note: MaaS360 MDM server logs include logs of MDM events and logs transferred to the MaaS360 MDM server by MDM agents of managed devices.
1 rule found Severity: Medium
The MQ Appliance network device must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The Ivanti MobileIron Core server must be configured to transfer Ivanti MobileIron Core server logs to another server for storage, analysis, and reporting. Note: Ivanti MobileIron Core server logs include logs of UEM events and logs transferred to the Ivanti MobileIron Core server by UEM agents of managed devices.
1 rule found Severity: Medium
The Ivanti MobileIron Core server must, at a minimum, off-load audit logs of interconnected systems in real time and off-load standalone systems weekly.
1 rule found Severity: Medium
MobileIron Sentry must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Low
The ISEC7 EMM Suite must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 EMM Suite components, and off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
2 rules found Severity: Low
The MobileIron Core v10 server must be configured to transfer MobileIron Core v10 server logs to another server for storage, analysis, and reporting. Note: MobileIron Core v10 server logs include logs of MDM events and logs transferred to the MobileIron Core v10 server by MDM agents of managed devices.
1 rule found Severity: Medium
1 rule found Severity: Medium
SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
OHS must be configured to store error log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes.
1 rule found Severity: Medium
OHS must be configured to store access log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes.
1 rule found Severity: Medium
Oracle WebLogic must provide the ability to write specified audit record content to an audit log server.
1 rule found Severity: Medium
Innoslate must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The Samsung SDS EMM must be configured to transfer Samsung SDS EMM logs to another server for storage, analysis, and reporting. Note: Samsung SDS EMM logs include logs of MDM events and logs transferred to the Samsung SDS EMM by MDM agents of managed devices.
1 rule found Severity: Medium
Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.
1 rule found Severity: Medium
A Tanium connector must be configured to send log data to an external audit log reduction-capable system and provide alerts.
1 rule found Severity: Medium
Symantec ProxySG must be configured to support centralized management and configuration of the audit log.
1 rule found Severity: Medium
A Tanium connector must be configured to send log data to an external audit log reduction capable system.
1 rule found Severity: Medium
The Tanium application must offload audit records onto a different system or media than the system being audited.
3 rules found Severity: Medium
The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.
3 rules found Severity: Medium
The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.
2 rules found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The Workspace ONE UEM server must be configured to transfer Workspace ONE UEM server logs to another server for storage, analysis, and reporting. Note: Workspace ONE UEM server logs include logs of MDM events and logs transferred to the Workspace ONE UEM server by MDM agents of managed devices.
1 rule found Severity: Medium
The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected.
1 rule found Severity: Low
The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems.
1 rule found Severity: Low
The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.
2 rules found Severity: Low
MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
2 rules found Severity: Medium
PostgreSQL must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
2 rules found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must off-load audit records onto a different system or media from the system being audited.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system.
1 rule found Severity: Medium
The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
2 rules found Severity: Medium
The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
1 rule found Severity: High
The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.
1 rule found Severity: Low
PostgreSQL must offload audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for standalone systems.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator.
1 rule found Severity: High
The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
3 rules found Severity: High
The Cisco router must be configured to off-load log records onto a different system than the system being audited.
1 rule found Severity: Medium
The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
2 rules found Severity: High
The Cisco ISE must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.
1 rule found Severity: Medium
The Cisco ISE must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: Medium
The Enterprise Voice, Video, and Messaging Endpoint must offload audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The Enterprise Voice, Video, and Messaging Endpoint must, at a minimum, offload interconnected systems in real-time and offload standalone systems weekly.
1 rule found Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must be configured to offload session (call) records to a central log server.
1 rule found Severity: High
The F5 BIG-IP appliance must generate traffic log entries containing information to establish the details of the event, including success or failure of the application of the firewall rule.
1 rule found Severity: Medium
The F5 BIG-IP appliance must generate audit records and send records to redundant central syslog servers that are separate from the appliance.
1 rule found Severity: High
SSMC web server must generate information to be used by external applications or entities to monitor and control remote access.
1 rule found Severity: Medium
SSMC web server must not impede the ability to write specified log record content to an audit log server.
1 rule found Severity: Medium
The HPE Nimble must configure a syslog server onto a different system or media than the system being audited.
1 rule found Severity: Medium
The HPE 3PAR OS must be configured to offload audit records onto a different system or media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.
1 rule found Severity: Medium
The ISEC7 SPHERE must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 SPHERE components, and offload audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: Medium
The Ivanti EPMM server must be configured to transfer Ivanti EPMM server logs to another server for storage, analysis, and reporting. Note: Ivanti EPMM server logs include logs of UEM events and logs transferred to the Ivanti EPMM server by UEM agents of managed devices.
1 rule found Severity: Medium
The Ivanti EPMM server must, at a minimum, off-load audit logs of interconnected systems in real time and off-load standalone systems weekly.
1 rule found Severity: Medium
The Jamf Pro EMM server must be configured to transfer Jamf Pro EMM server logs to another server for storage, analysis, and reporting. Note: Jamf Pro EMM server logs include logs of MDM events and logs transferred to the Jamf Pro EMM server by MDM agents of managed devices.
1 rule found Severity: Medium
1 rule found Severity: Low
The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
MarkLogic Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Low
1 rule found Severity: Medium
MongoDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for standalone systems.
1 rule found Severity: Medium
Azure SQL Database must offload audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
1 rule found Severity: Medium
Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly.
1 rule found Severity: Medium
The network device must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: High
The network device must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
The Oracle Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited.
1 rule found Severity: Medium
The Oracle Linux operating system must take appropriate action when the remote logging buffer is full.
1 rule found Severity: Medium
The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server.
1 rule found Severity: Medium
The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited.
1 rule found Severity: Medium
The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
1 rule found Severity: Medium
The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full.
1 rule found Severity: Medium
The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system.
1 rule found Severity: Medium
The MySQL Database Server 8.0 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
The Riverbed NetProfiler must be configured to use redundant Syslog servers that are configured on a different system than the NetProfiler appliance.
1 rule found Severity: Medium
Redis Enterprise DBMS must offload audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
1 rule found Severity: Medium
Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.
1 rule found Severity: Medium
SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least weekly.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
Splunk Enterprise must be configured to offload log records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The TPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.
1 rule found Severity: Medium
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium
The TOSS audit records must be offloaded onto a different system or storage media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The web server must not impede the ability to write specified log record content to an audit log server.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The Apache web server must not impede the ability to write specified log record content to an audit log server.
2 rules found Severity: Medium
The Apache web server must be configured to integrate with an organizations security infrastructure.
1 rule found Severity: Medium
The Apache web server must be configurable to integrate with an organizations security infrastructure.
1 rule found Severity: Medium
1 rule found Severity: Medium
The application server must off-load log records onto a different system or media from the system being logged.
1 rule found Severity: Medium
The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The application must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems.
1 rule found Severity: Low
Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited.
1 rule found Severity: Low
The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO.
1 rule found Severity: High
The Central Log Server must be configured to off-load log records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The Central Log Server must be configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum.
1 rule found Severity: Low
The Cisco switch must be configured to off-load log records onto a different system than the system being audited.
1 rule found Severity: Medium
The Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) must perform centralized logging to capture and store log records.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog.
1 rule found Severity: Medium
1 rule found Severity: Medium
AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
1 rule found Severity: Medium
AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
1 rule found Severity: Medium
AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.
1 rule found Severity: Low
The DBMS must off-load audit data to a separate log management facility; this shall be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
The firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.
1 rule found Severity: Medium
The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
Forescout must off-load log records onto a different system. This is required for compliance with C2C Step 1.
1 rule found Severity: Medium
The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.
1 rule found Severity: Low
1 rule found Severity: Medium
AOS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
The HYCU virtual appliance must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
The operating system must offload audit records onto a different system or media from the system being audited.
1 rule found Severity: Low
The operating system must, at a minimum, off-load audit data from interconnected systems in real time and off-load audit data from standalone systems weekly.
1 rule found Severity: Medium
The HYCU virtual appliance must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
1 rule found Severity: Medium
2 rules found Severity: Medium
IBM z/OS system administrator must develop a procedure to offload SMF files to a different system or media than the system being audited.
3 rules found Severity: Medium
The Juniper router must be configured to off-load log records onto a different system than the system being audited.
1 rule found Severity: Medium
The Juniper router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the Information System Security Officers (ISSO).
1 rule found Severity: High
The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Mainframe Product must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
The system SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
Windows Server 2019 audit records must be backed up to a different system or media than the system being audited.
1 rule found Severity: Medium
Windows Server 2022 audit records must be backed up to a different system or media than the system being audited.
1 rule found Severity: Medium
Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly.
1 rule found Severity: Medium
Windows Server 2019 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly.
1 rule found Severity: Medium
Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited.
2 rules found Severity: Medium
The Palo Alto Networks security platform must, at a minimum, off-load threat and traffic log records onto a centralized log server in real time.
1 rule found Severity: Low
1 rule found Severity: Medium
Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
1 rule found Severity: Medium
OpenShift components must provide the ability to send audit logs to a central enterprise repository for review and analysis.
1 rule found Severity: Medium
1 rule found Severity: Low
The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Palo Alto Networks security platform must off-load log records to a centralized log server in real-time.
1 rule found Severity: Low
1 rule found Severity: Medium
The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
1 rule found Severity: Medium
RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
1 rule found Severity: Medium
RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.
1 rule found Severity: Medium
RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Low
Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.
2 rules found Severity: Low
The audit system must take appropriate action when the network cannot be used to off-load audit records.
1 rule found Severity: Medium
2 rules found Severity: Medium
The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.
2 rules found Severity: Medium
The SUSE operating system must off-load audit records onto a different system or media from the system being audited.
1 rule found Severity: Medium
1 rule found Severity: Medium
The UEM Agent must be configured to enable the following function: transfer managed endpoint device audit logs read by the UEM Agent to an UEM server or third-party audit management server.
1 rule found Severity: Medium
The UEM server must be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
1 rule found Severity: Medium
The UEM server must, at a minimum, off-load audit logs of interconnected systems in real time and off-load standalone systems weekly.
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: Medium
The NSX Tier-0 Gateway Firewall must be configured to send traffic log entries to a central log server.
1 rule found Severity: Medium
The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly.
1 rule found Severity: Medium
The NSX Tier-1 Gateway firewall must be configured to send traffic log entries to a central audit server.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
3 rules found Severity: Medium
3 rules found Severity: Medium
The vCenter ESX Agent Manager service must offload log records onto a different system or media from the system being logged.
2 rules found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
The vCenter Lookup service must offload log records onto a different system or media from the system being logged.
2 rules found Severity: Medium
1 rule found Severity: Medium
The vCenter Perfcharts service must offload log records onto a different system or media from the system being logged.
2 rules found Severity: Medium
The VPN Gateway must off-load audit records onto a different system or media than the system being audited.
1 rule found Severity: Medium
2 rules found Severity: Medium
The vCenter STS service must offload log records onto a different system or media from the system being logged.
2 rules found Severity: Medium
The vCenter UI service must offload log records onto a different system or media from the system being logged.
2 rules found Severity: Medium