Forescout must be configured to log records onto a centralized events server. This is required for compliance with C2C Step 1.
An XCCDF Rule
Description
Keeping an established, connection-oriented audit record is essential to keeping audit logs in accordance with DoD requirements.
- ID: SV-233323r856509_rule
- Severity: Medium
Remediation - Manual Procedure
Configure the Syslog server with TCP, and configure Syslog to alert if communication between the Syslog server and the Forescout appliance is lost.
1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog:
- Syslog Server IP address