From Trend Micro Deep Security 9.x Security Technical Implementation Guide
Part of SRG-APP-000381
Associated with: CCI-001814
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions.
Review the Trend Deep Security server configuration to ensure the enforcement actions used to restrict access associated with changes to the application are audited. System Events include changes to the configuration of an Agent/Appliance, the Deep Security Manager, or Users. They also include errors that may occur during normal operation of the Trend Deep Security system. To ensure the necessary events are captured, verify the Administration >> System Settings >> System Events, against the local policy established by the ISSO. If the settings configured do not match local policy, this is a finding.
Configure the Trend Deep Security server to audit the enforcement actions used to restrict access associated with changes to the application. To configure the application to captured the events identified by the ISSO, go to the Administration >> System Settings >> System Events tab. Enable all applicable policies with “Record” and “Forward.”
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer