The DataPower Gateway providing user access control intermediary services must provide the capability for authorized users to capture, record, and log all content related to a selected user session.
An XCCDF Rule
Description
<VulnDiscussion>Without the capability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. The intent of this requirement is to ensure the capability to select specific sessions to capture is available in order to support general auditing/incident investigation, or to validate suspected misuse by a specific user. Examples of session events that may be captured include, port mirroring, tracking websites visited, and recording information and/or file transfers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-79795r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the WebGUI Control Panel, click on Troubleshooting >> Click on the Debug Probe tab >> Select a desired service type and service instance >> Click on Add Probe to begin tracking transaction information for that service instance.
From the WebGUI, go to Objects >> Logging Configuration >> Log Target. Configure the desired filters, triggers, subscriptions, and log destination.