The Palo Alto Networks security platform must generate a log record that can be used to send an alert to, at a minimum, the information system security officer (ISSO) and information system security manager (ISSM) when denial-of-service (DoS) incidents are detected.

Description

<VulnDiscussion>Without an alert, security personnel may be unaware of major detection incidents that require immediate action, and this delay may result in the loss or compromise of information. CJCSM 6510.01B, "Cyber Incident Handling Program", lists nine Cyber Incident and Reportable Event Categories. DOD has determined that categories identified by CJCSM 6510.01B Major Indicators (category 1, 2, 4, or 7 detection events) will require an alert when an event is detected. Alerts may be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. The Palo Alto Networks security platform must either send the alert to a management console that is actively monitored by authorized personnel or use a messaging capability to send the alert directly to designated personnel. Configure a Server Profile for use with Log Forwarding Profile(s);if email is used, the ISSO and ISSM must be recipients. Some sites have discovered that, when configuring Zone Protection, if the "Log Setting" is not configured for the zones where Zone Protection is applied (i.e., Log Setting is set to "None"), then the "Log Setting" column will show blank for those zone under Network >> Zones, and alerts for Zone Protection events will not be sent. Thus, alternative mitigations have been provided to meet this requirement.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>