
The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur.

An XCCDF Rule

Description

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.

By default, the Configuration Log contains the administrator username, client (Web or CLI), and date and time for any changes to configurations and for configuration commit actions. The System Log also shows both successful and unsuccessful attempts for configuration commit actions. The System Log and Configuration Log can be configured to send log messages by severity level to specific destinations: the Panorama management console, an SNMP console, an e-mail server, or a syslog server. Since both the System Log and Configuration Log contain information concerning the use of privileges, both must be configured to send messages to a syslog server at a minimum.

ID
SV-228642r960885_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Create a syslog server profile. 
Go to Device >> Server Profiles >> Syslog
Select "Add" 
In the "Syslog Server Profile", enter the name of the profile; select "Add".
In the "Servers" tab, enter the required information.
Name: Name of the syslog server
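
The same configuration entered from the PAN-OS CLI, as an added example that is not part of the STIG text above. It assumes PAN-OS 8.0 or later (the match-list form of Device > Log Settings), a profile named STIG-Syslog, a server entry named Collector1 and a collector at 10.1.1.5; all of those names and the address are placeholders, and the exact keywords should be confirmed against the CLI reference for the PAN-OS version in use:

```text
admin@PA-220> configure

# Syslog server profile (Device > Server Profiles > Syslog).
# Hypothetical profile/server names and collector address; UDP/514 and BSD
# format match the GUI defaults.
admin@PA-220# set shared log-settings syslog STIG-Syslog server Collector1 server 10.1.1.5 transport UDP port 514 format BSD facility LOG_USER

# Forward the System Log and the Configuration Log to that profile
# (Device > Log Settings). "All Logs" sends every severity, which is what the
# rule requires; a narrower filter such as "(severity eq high)" would drop the
# informational commit records the rule is about.
admin@PA-220# set shared log-settings system match-list STIG-System filter "All Logs" send-syslog STIG-Syslog
admin@PA-220# set shared log-settings config match-list STIG-Config filter "All Logs" send-syslog STIG-Syslog

# Review the result before committing, then commit.
admin@PA-220# show shared log-settings
admin@PA-220# commit
```

Two checks a reviewer would want after the commit: confirm that a test commit (successful and a deliberately rejected one) appears on the collector as both a CONFIG and a SYSTEM record, and note that plain UDP syslog is unauthenticated and lossy; where the collector supports it, `transport SSL` with a certificate profile is the stronger choice, though the rule itself only requires that syslog forwarding exists.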