The TPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.

An XCCDF Rule

Description

<VulnDiscussion>To support the centralized analysis capability, the IDPS components must be able to provide the information in a format (e.g., Syslog) that can be extracted and used, allowing the application to effectively review and analyze the log records.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-242177r710074_rule
Severity: Medium
References: CCI-000169
Updated: 16 days ago

1. In the Trend Micro SMS, navigate to "Profiles" and "Inspection Profiles" and select the organization's profile. 
2. If there is not one configured, select "Default". 
3. Click "Search". 
4. Under "Filter criteria", select all "Filter categories". Select the "Additional Criteria" section. 
5. Uncheck "permit" and "rate limit", then click "Search". 
6. Once the results are presented, click the "Action Set" column to filter by action type. If any items state "Block":    a. Double-click the item. 
   b. Click the radio button for "User Filter settings". 
   c. On the drop down-menu, select "Block + Notify". 
   d. Click "OK". 
   e. Once under an approved change window, click distribute and send the updated policy to all TPS systems and managed segment-groups. 
   f. Ensure progress completes at 100%.

The TPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.

Description

Remediation - Manual Procedure