The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.

From Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Part of SRG-NET-000091-IDPS-00193

Associated with: CCI-000154

SV-69581r1_rule The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.

Vulnerability discussion

Centralized review and analysis of log records from multiple IDPS components gives the organization the capability to better detect distributed attacks and provides increased data points for behavior analysis techniques. These techniques are invaluable in monitoring for indicators of complex attack patterns. To support the centralized analysis capability, the IDPS components must be able to provide the information in a format (e.g., Syslog) that can be extracted and used, allowing the application to effectively review and analyze the log records.

Check content

Verify the IDPS provides log information in a format that can be extracted and used by centralized analysis tools. If the IDPS does not provide log information in a format that can be extracted and used by centralized analysis tools, this is a finding.
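One way to perform this check on exported log lines, as an added example that is not part of the SRG or of any IDPS product. It assumes the centralized analysis tool ingests RFC 5424 syslog (the guide names Syslog only as an example format); the function names and sample lines are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# Simplification (assumption): escaped "\]" inside structured-data values is not handled.
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<hostname>\S{1,255}) (?P<app>\S{1,48}) (?P<procid>\S{1,128}) "
    r"(?P<msgid>\S{1,32}) (?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$"
)

def parse_rfc5424(line):
    """Return (record, None) if the line parses, else (None, reason)."""
    m = RFC5424.match(line.rstrip("\r\n"))
    if not m:
        return None, "header does not match RFC 5424"
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None, "PRI out of range (0-191)"
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(pri, 8)
    return rec, None

def audit(lines):
    """Return [(line_number, reason)] for every line a collector could not extract."""
    failures = []
    for n, line in enumerate(lines, start=1):
        _, reason = parse_rfc5424(line)
        if reason:
            failures.append((n, reason))
    return failures

# Constructed sample export from hypothetical sensors (not real IDPS output).
SAMPLE = [
    '<113>1 2024-05-01T12:00:00.123Z ids-sensor-01 idps 4242 ALERT '
    '[sig@32473 id="1001" src="203.0.113.7"] Constructed sample alert',
    '<134>1 2024-05-01T12:00:01Z ids-sensor-02 idps - FLOW - Constructed sample flow record',
    '05/01/2024-12:00:02 [**] [1:1001:1] Constructed free-text alert [**]',
    '<999>1 2024-05-01T12:00:03Z ids-sensor-01 idps - - - bad priority',
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```

Lines reported by audit() are records the assumed collector could not extract fields from; review the sensor's log output configuration for each.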

Fix text

Configure the IDPS to provide log information in a format that can be extracted and used by centralized analysis tools.
