From Bromium Secure Platform 4.x Security Technical Implementation Guide
Part of SRG-APP-000471
Associated with: CCI-002664
The default policy logging level captures the maximum level of data available to the administrator for forensic purposes and troubleshooting. This is required for analyzing Indicators of Compromise (IOCs) that may necessitate an alert from the events server and action by the system administrator.
Inspect the base policy for all endpoints.
1. From the management console, click on "Policies".
2. Select the base policy.
3. Select the "Manageability" tab.
4. Inspect the Logging level setting.
If the BEC base policy Logging level has not been set to "Debug", this is a finding.
Enable the Debug Logging level.
1. From the management console, click on "Policies".
2. Select the base policy.
3. Select the "Manageability" tab.
4. Set the Logging level to "Debug".
5. Click "Save and Deploy".