From Bromium Secure Platform 4.x Security Technical Implementation Guide
Part of SRG-APP-000474
Associated with: CCI-002702
If anomalies are not acted upon, security functions may fail to secure the system.
Ask the site representatives if they have developed and implemented a solution for forwarding the contents of "worker.log" and "default.log" to a central log server. If the BEC and Bromium vSentry do not generate an event and forward it to the events server when anomalies in the operation of security functions of the BEC or Bromium vSentry application are discovered, this is a finding.
The BEC administrator must work with the site administrator to forward the contents of "worker.log" and "default.log" to a central log server in real time.
1. Automatically forward all contents of "worker.log" and "default.log" to the site's centralized log server in real time.
2. Install the file monitoring agent that is provided by the site's central log server (e.g., syslog, SIEM) and configure it to monitor and forward "worker.log" and "default.log" (e.g., C:\Program Data\Bromium\BMS\Logs\default.log).
Note: Follow the instructions included with the event server.