From Bromium Secure Platform 4.x Security Technical Implementation Guide
Part of SRG-APP-000356
Associated with: CCI-001844
Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an ongoing attack.
Ask the site representatives if they have developed and implemented a solution for storing the contents of "history.log". Check that the backup solution has been configured to include the "history.log" files residing on the BEC. If the BEC does not send "history.log" records to a central log server (i.e., syslog server), this is a finding.
Automatically forward all contents of "history.log" to the site's central log server in real time. Install the file monitoring agent that is provided by the site's centralized events server (e.g., syslog, SIEM) and configure to monitor and forward "history.log" (example: C:\Program Data\Bromium\BMS\Logs\history.log). Follow the instructions included with the central log server.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer