Oracle WebLogic Server 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000098-AS-000061
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must produce audit records containing sufficient information to establish the sources of the events.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Low Severity -
SRG-APP-000099-AS-000062
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must produce audit records that contain sufficient information to establish the outcome (success or failure) of application server and application events.
<VulnDiscussion> Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessar...Rule Low Severity -
SRG-APP-000100-AS-000063
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must utilize automated mechanisms to prevent program execution on the information system.
<VulnDiscussion>The application server must provide a capability to halt or otherwise disable the automatic execution of deployed application...Rule Low Severity -
SRG-APP-000148-AS-000101
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000515-AS-000203
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must provide the ability to write specified audit record content to an audit log server.
<VulnDiscussion> Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessar...Rule Medium Severity -
SRG-APP-000108-AS-000067
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur.
<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required....Rule Low Severity -
SRG-APP-000108-AS-000067
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure.
<VulnDiscussion> Audit processing failures include, but are not limited to, failures in the application server log capturing mechanisms or au...Rule Low Severity -
SRG-APP-000108-AS-000067
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure.
<VulnDiscussion> Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage ca...Rule Low Severity -
SRG-APP-000116-AS-000076
<GroupDescription></GroupDescription>Group -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must use internal system clocks to generate time stamps for audit records.
<VulnDiscussion>Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlate...Rule Low Severity -
SRG-APP-000372-AS-000212
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.