Skip to content

Splunk Enterprise must be configured with a report to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

Profiles that employ this XCCDF Rule

  • No profile (default benchmark)

    version: 2 accepted
    Updated 17 days ago
  • I - Mission Critical Classified

    version: 2 accepted
    Updated 17 days ago
  • I - Mission Critical Public

    version: 2 accepted
    Updated 17 days ago
  • I - Mission Critical Sensitive

    version: 2 accepted
    Updated 17 days ago
  • II - Mission Support Classified

    version: 2 accepted
    Updated 17 days ago

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules