Skip to content
Log In

Palo Alto Networks IDPS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000018-IDPS-00018

    Group
    Show

  • SRG-NET-000077-IDPS-00062

    Group
    Show

  • The Palo Alto Networks security platform must produce audit records containing information to establish the source of the event, including, at a minimum, originating source address.

    Associating the source of the event with detected events in the logs provides a means of investigating an attack or suspected attack. While auditing and logging are closely related, they are not t...
    Rule Medium Severity
    Show

  • SRG-NET-000078-IDPS-00063

    Group
    Show

  • SRG-NET-000089-IDPS-00069

    Group
    Show

  • SRG-NET-000192-IDPS-00140

    Group
    Show

  • SRG-NET-000229-IDPS-00163

    Group
    Show

  • The Palo Alto Networks security platform must detect and deny any prohibited mobile or otherwise malicious code at the enclave boundary.

    Mobile code is defined as software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution ...
    Rule Medium Severity
    Show

  • SRG-NET-000246-IDPS-00205

    Group
    Show

  • The Palo Alto Networks security platform must install updates for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.

    Failing to update malicious code protection mechanisms, including application software files, signature definitions, and vendor-provided rules, leaves the system vulnerable to exploitation by recen...
    Rule Medium Severity
    Show

  • SRG-NET-000249-IDPS-00176

    Group
    Show

  • SRG-NET-000249-IDPS-00222

    Group
    Show

  • The Palo Alto Networks security platform must send an immediate (within seconds) alert to, at a minimum, the SA when malicious code is detected.

    Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and detect rate-based and other anomalies will be i...
    Rule Medium Severity
    Show

  • SRG-NET-000251-IDPS-00178

    Group
    Show

  • SRG-NET-000273-IDPS-00198

    Group
    Show

  • The Palo Alto Networks security platform must block outbound ICMP Destination Unreachable, Redirect, and Address Mask reply messages.

    Internet Control Message Protocol (ICMP) messages are used to provide feedback about problems in the network. These messages are sent back to the sender to support diagnostics. However, some messag...
    Rule Medium Severity
    Show

  • SRG-NET-000273-IDPS-00204

    Group
    Show

  • SRG-NET-000318-IDPS-00068

    Group
    Show

  • SRG-NET-000318-IDPS-00182

    Group
    Show

  • To protect against unauthorized data mining, the Palo Alto Networks security platform must detect and prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.

    Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks that use unauthorized data mining techniques to attack ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules