The Cisco ISE must generate log records for a locally developed list of auditable events.
An XCCDF Rule
Description
<VulnDiscussion>Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. In Cisco ISE a logging category is a bundle of message codes that describe a function, a flow, or a use case. In Cisco ISE, each log is associated with a message code that is bundled with the logging categories according to the log message content. Logging categories help describe the content of the messages that they contain. Logging categories promote logging configuration. Each category has a name, target, and severity level that you can set, as per your application requirement. Cisco ISE provides predefined logging categories for services, such as Posture, Profiler, Guest, AAA (authentication, authorization, and accounting), and so on, to which you can assign log targets.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242636r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Enable logging categories for Cisco ISE to send auditable events to the remote syslog target.
1. Log in to the Admin portal.
2. Choose Administration >> System >> Logging >> Logging Categories.
3. Click the radio button next to the desired logging category that pertains to the local list of auditable events and then click "Edit".
4. Choose the Log Severity Level drop-down list.