The BlackBerry UEM server must be configured to transfer BlackBerry UEM server logs to another server for storage, analysis, and reporting. Note: BlackBerry UEM server logs include logs of MDM events and logs transferred to the BlackBerry UEM server by MDM agents of managed devices.
An XCCDF Rule
Description
<VulnDiscussion>Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. Since the BlackBerry UEM server has limited capability to store mobile device log files and perform analysis and reporting of mobile device log files, the BlackBerry UEM server must have the capability to transfer log files to an audit log management server. SFR ID: FMT_SMF.1.1(2) c.8, FAU_STG_EXT.1.1(1)</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224375r604136_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The Admin must access the UEM server.
Configuring trust:
1. Get the CA that signs the Syslog server cert.
2. Upload the CA into the UEM server.
- From the CMD prompt on the UEM server follow the instructions found on page 70-71 of the Admin Guide, "Setup export of server audit records to a syslog server".
3. Configure UEM to send audit data to the Syslog server.