From Bromium Secure Platform 4.x Security Technical Implementation Guide
Part of SRG-APP-000093
Associated with: CCI-001462
Without the capability to capture and log all content related to a user session, investigations into suspicious user activity would be hampered.
If custom rules are required, verify that monitoring rules are enabled. Custom rules may or may not be present on the BEC, depending on the site's need. It is not mandatory to use this feature, just that the feature be configured to be used in case it is needed. 1. From the management console, click on "Policies". 2. Select the base policy that covers all devices. 3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and verify that "Host Monitoring" is enabled. 4. Click on "Policies" and verify "Monitoring Rules" is checked. If the Bromium Enterprise Controller (BEC) is not configured for authorized users to capture and log content related to a user session, this is a finding.
Configure a custom rule to view a user's activity. Ensure host monitoring is enabled in the base or applicable delta policy. 1. From the management console, click on "Policies". 2. Select the base policy that covers all devices. 3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and enable "Host Monitoring". 4. Click "Save and Deploy". Configure the Custom Rule to monitor one or more Bromium vSentry clients. 1. Click the arrow next to "Policies" and select "Monitoring Rules". 2. Click "Rule Options" and select "Create Custom Rule". 3. Create a name for the custom rule. 4. Apply the custom rule to a group. 5. Configure the applications, triggers, and any exclusions associated with the activity to be monitored. 6. Click "Save".
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer