Prisma Cloud Compute must be configured to send events to the hosts' syslog.
An XCCDF Rule
Description
Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must be properly collected and secured. Prisma Cloud Compute can be configured to send audit events to the host node's syslog in RFC5424-compliant format.

Satisfies: SRG-APP-000111-CTR-000220, SRG-APP-000181-CTR-000485, SRG-APP-000358-CTR-000805, SRG-APP-000474-CTR-001180, SRG-APP-000516-CTR-000790

Documentable: false
- ID
- SV-253530r879572_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Navigate to the Prisma Cloud Compute Console's Manage >> Alerts >> Logging tab.
Set Syslog to "enabled".
Select the "Manage" tab.