From Trend Micro Deep Security 9.x Security Technical Implementation Guide
Part of SRG-APP-000501
Associated with: CCI-000172
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.
Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to delete security objects occur. Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects. If the “Record” and “Forward" options for are not enabled for successful/unsuccessful attempts to delete security objects, this is a finding.
Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to delete security objects occur. Configure the alert using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects. Select the “Record” and “Forward” options for the following: - Event ID: 124 Rule Update Deleted - Event ID: 152 Software Deleted - Event ID: 295 Interface Deleted - Event ID: 296 Interface IP Deleted - Event ID: 331 SSL Configuration Deleted - Event ID: 351 Policy Deleted - Event ID: 411 Firewall Rule Deleted - Event ID: 421 Firewall Stateful Configuration Deleted - Event ID: 461 Application Type Deleted - Event ID: 471 Intrusion Prevention Rule Deleted - Event ID: 481 Integrity Monitoring Rule Deleted - Event ID: 491 Log Inspection Rule Deleted - Event ID: 496 Log Inspection Decoder Deleted - Event ID: 506 Context Deleted - Event ID: 574 Asset Value Deleted - Event ID: 593 Relay Group Deleted - Event ID: 595 Event-Based Task Deleted - Event ID: 931 Certificate Deleted - Event ID: 941 Auto-Tag Rule Deleted - Event ID: 943 Tag Deleted - Event ID: 1501 Malware Scan Configuration Deleted - Event ID: 1501 Malware Scan Configuration Deleted - Event ID: 1511 File Extension List Deleted - Event ID: 1516 File List Deleted - Event ID: 1951 Tenant Deleted - Event ID: 1954 Tenant Database Server Deleted
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer