CounterACT must generate audit log events for a locally developed list of auditable events.
An XCCDF Rule
Description
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.
- ID
- SV-90895r1_rule
- Version
- CACT-NM-000010
- Severity
- Low
- References
- Updated
Remediation Templates
A Manual Procedure
Configure CounterACT to generate audit log events for a locally developed list of auditable events.
1. Open the CounterACT Console.
2. Select Tools >> Options >> Plugin.
3. Select the Syslog Plugin.
4. Select CounterACT or the Enterprise Manager appliance you would like to verify.
5. Ensure additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs".