TPS must support centralized management and configuration of the content captured in audit records generated by all TPS components by using the Security Management System (SMS).
An XCCDF Rule
Description
<VulnDiscussion>Without the ability to centrally manage the content captured in the log records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an attack. Centralized management and storage of log records increases efficiency in maintenance and management of records as well as facilitates the backup and archiving of those records. The TPS must be configured to support centralized management and configuration of the content to be captured in audit records generated by all network components. IDPS sensors and consoles must have the capability to support centralized logging. They must be configured to send log messages to centralized, redundant servers and be capable of being remotely configured to change logging parameters (such as facility and severity levels).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242183r710092_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
1. On the SMS, go to "Devices" and click "all devices".
2. Click "New Device".
3. Under "Add device" enter the IPv4 or IPv6 address of the TPS to be managed by SMS.
4. Under "Authentication" add the device username and password that was configured upon initial TPS setup.
5. Select which device group it should be part of.
6. Ensure it is under the IPS/TPS device type.