The SMS and TPS must provide log information in a format that can be extracted and used by centralized analysis tools.

An XCCDF Rule

Description

<VulnDiscussion>Centralized review and analysis of log records from multiple SMS and TPS components gives the organization the capability to better detect distributed attacks and provides increased data points for behavior analysis techniques. These techniques are invaluable in monitoring for indicators of complex attack patterns.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-242187r710104_rule
Severity: Medium
References: CCI-000154
Updated: 16 days ago

1. In the Trend Micro SMS interface, go to the "Admin" tab, and select "Server Properties". 
2. Select the "syslog" tab. 
3. Click "New".
4. Under syslog server type the hostname or IP address of the syslog server.
5. Click TCP to ensure logging data is queued in the case of disconnection of the syslog server. 
6. Type the port used by the centralized logging server (traditionally it is port 514). 7. Under log type, select "Device System". 
8. Under facility click "Log System". 
9. Click Event timestamp under "Include Timestamp in Header". 
10. Select "Include SMS hostname in header".
Repeat this one more time changing the Log Type to include SMS System.

The SMS and TPS must provide log information in a format that can be extracted and used by centralized analysis tools.

Description

Remediation - Manual Procedure