Forescout must off-load log records onto a different system. This is required for compliance with C2C Step 1.
An XCCDF Rule
Description
Having a separate, secure location for log records is essential to the preservation of logs as required by policy.
Documentable: false
- ID: SV-233324r856510_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
Configure the Syslog server to use TCP, and configure Syslog to alert if communication between the Syslog server and the Forescout appliance is lost.
1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog:
- Syslog Server IP address