Skip to content
Log In

Splunk Enterprise 7.x for Windows Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000359-AU-000120

    Group
    Show

  • SRG-APP-000360-AU-000130

    Group
    Show

  • Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received.

    It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impe...
    Rule Low Severity
    Show

  • SRG-APP-000361-AU-000140

    Group
    Show

  • Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.

    If the system were to continue processing after audit failure, actions could be taken on the system that could not be tracked and recorded for later forensic analysis. To perform this function, som...
    Rule Low Severity
    Show

  • SRG-APP-000516-AU-000350

    Group
    Show

  • Splunk Enterprise must be configured to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

    Detecting when multiple systems are showing anomalies can often indicate an attack. Notifying appropriate personnel can initiate a proper response and mitigation of the attack. Splunk can aggregat...
    Rule Medium Severity
    Show

  • SRG-APP-000166-AU-002490

    Group
    Show

  • Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Low Severity
    Show

  • SRG-APP-000167-AU-002500

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules