Palo Alto Networks IDPS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Group: SRG-NET-000334-IDPS-00191
  • Rule (Low severity): The Palo Alto Networks security platform must off-load log records to a centralized log server.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audit information does not get overwritten if the limited audit storage capa...
  • Group: SRG-NET-000362-IDPS-00196
  • Group: SRG-NET-000362-IDPS-00198
  • Group: SRG-NET-000383-IDPS-00208
  • Group: SRG-NET-000384-IDPS-00209
  • Group: SRG-NET-000385-IDPS-00210
  • Rule (Medium severity): The Palo Alto Networks security platform must generate a log record when unauthorized network services are detected.

    Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network serv...
  • Group: SRG-NET-000385-IDPS-00211
  • Group: SRG-NET-000390-IDPS-00212
  • Group: SRG-NET-000391-IDPS-00213
  • Rule (Medium severity): The Palo Alto Networks security platform must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions.

    If outbound communications traffic is not continuously monitored for unusual/unauthorized activities or conditions, there will be times when hostile activity may not be noticed and defended against...
  • Group: SRG-NET-000392-IDPS-00214
  • Group: SRG-NET-000392-IDPS-00215
  • Group: SRG-NET-000392-IDPS-00216
  • Group: SRG-NET-000392-IDPS-00218
  • Group: SRG-NET-000392-IDPS-00219
  • Group: SRG-NET-000511-IDPS-00012
  • Rule (Medium severity): The Palo Alto Networks security platform must enable Antivirus, Anti-spyware, and Vulnerability Protection for all authorized traffic.

    The flow of all communications traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. Restricting the flow of communications...
  • Rule (Medium severity): The Palo Alto Networks security platform must capture traffic of detected/dropped malicious code.

    Associating event outcome with detected events in the log provides a means of investigating an attack or suspected attack. The logs should identify what servers, destination addresses, application...