The DBN-6300 must produce audit log records containing sufficient information to establish what type of event occurred.
An XCCDF Rule
Description
<VulnDiscussion>It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment. Associating event types with detected events in the application and audit logs provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured network device. Without this capability, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Audit records are automatically backed up on a real-time basis via syslog when enabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-91629r1_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
Configure the DBN-6300 to be connected to the syslog server. Also configure the DBN-6300 to include audit records in the syslog message feed.
Navigate to Settings >> Advanced >> Syslog.
Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable".