Skip to content
Catalogs
XCCDF
Oracle WebLogic Server 12c Security Technical Implementation Guide
SRG-APP-000100-AS-000063
Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. An XCCDF Rule
Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Medium Severity
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
Application servers have differing levels of logging capabilities which can be specified by setting a verbosity level. The application server must, at a minimum, be capable of establishing the identity of any user or process that is associated with any particular event.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>