MobileIron Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.

An XCCDF Rule

Description

<VulnDiscussion>Without syslog enabled it will be difficult for an ISSO to correlate the users behavior and identify potential threats within the logs.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251006r802240_rule
Severity: High
References: CCI-002605
Updated: about 1 year ago

Configure the MobileIron Sentry to forward syslog data using the steps below Refer to "MobileIron Sentry Guide for Core", section "Syslog", page 140.
  
 1. Log in to the MobileIron Sentry.
 2. Navigate to "Settings".
 3. Scroll down to "Syslog".
 4. If there is no syslog server entry, ADD the server:      a. Add Server IP address.
      b. Add Port.
      c. Select/add Facility Types and Log Levels.
     d. Enable Admin state.

MobileIron Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.

Description

Remediation - Manual Procedure