The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-230943r961860_rule
Severity: Low
References: CCI-001851
Updated: 17 days ago

Configure the syslog.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click "Add".
4. Enter the IP address of the site's centralized syslog.5. Check "Use TLS".
6. Configure OCSP, Identity, Facility, and Severity as required by the SSP.

The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.

Description

Remediation - Manual Procedure