Skip to content

Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received.

Profiles that employ this XCCDF Rule

  • No profile (default benchmark)

    version: 3 accepted
    Updated 17 days ago
  • I - Mission Critical Classified

    version: 3 accepted
    Updated 17 days ago
  • I - Mission Critical Public

    version: 3 accepted
    Updated 17 days ago
  • I - Mission Critical Sensitive

    version: 3 accepted
    Updated 17 days ago
  • II - Mission Support Classified

    version: 3 accepted
    Updated 17 days ago

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules