I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • To protect against unauthorized data mining, the Palo Alto Networks security platform must detect and prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.

    <VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...
    Rule Medium Severity
  • SRG-NET-000334-IDPS-00191

  • The Palo Alto Networks security platform must off-load log records to a centralized log server.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audi...
    Rule Low Severity
  • SRG-NET-000362-IDPS-00196

  • The Palo Alto Networks security platform must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds).

    &lt;VulnDiscussion&gt;If the network does not provide safeguards against DoS attack, network resources will be unavailable to users. Installation ...
    Rule Medium Severity

