From Trend Micro Deep Security 9.x Security Technical Implementation Guide
Part of SRG-APP-000360
Associated with: CCI-001858
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.
Review the Trend Deep Security server configuration to ensure an immediate real-time alert is provided to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. Analyze the system using the Administration >> System Settings >> Alerts tab. Review the email address listed in the “Alert Event Forwarding (From The Manager).” If this email address is not present or does not belong to a distribution for system administrators and ISSOs, this is a finding.
Configure the Trend Deep Security server to provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. Configure Events and Alerts to notify the SA and ISSO using the Administration >> System Settings >> Alerts tab. Insert a distribution email address into the “Alert Event Forwarding (From The Manager).” The distribution email address must be configured within Exchange or other email server and must associate the SA and ISSO accounts reviewing and/or managing the system.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer