Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.

An XCCDF Rule

Description

<VulnDiscussion>Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). This does not apply to audit logs generated on behalf of the device itself (management).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-104215r1_rule
Severity: Medium
References: CCI-001858
Updated: about 1 year ago

Configure the ProxySG to send real-time alerts via SMTP and SNMP.

1. Log on to the Web Management Console.
2. Browse to Maintenance >> SNMP.
3. Check the "Enable SNMPv3" box. 
4. Click the SNMPv3 Users and SNMPv3 Traps tabs and configure per organizational specifications.5. Browse to "Event Logging".
6. Click "Mail" and check the "Send Event Logs" box. 
7. Click "New" and add all desired recipients to the "Names" list.
8. Enter the correct SMTP server and port into the proper fields. 
9. Click "Apply".

For more information, see the ProxySG Administration Guide, Chapter 75: Monitoring the Appliance.

Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.

Description

Remediation - Manual Procedure