STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.

DISA Rule

SV-104213r1_rule

Vulnerability Number

V-94259

Group Title

SRG-NET-000511-ALG-000051

Rule Version

SYMP-AG-000220

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure continuous audit log off-loading.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Schedule" and select "Upload the access log continuously" option.
4. Click "Apply".

Check Contents

Verify that continuous audit log off-loading is configured.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Client" and Verify that a "Client type" is specified.
4. Click the "Upload Schedule" and Verify that "Upload the access log continuously" is selected.

If Symantec ProxySG is not configured to send the access logs to the centralized log server continuously, this is a finding.

Vulnerability Number

V-94259

Documentable

False

Rule Version

SYMP-AG-000220

Severity Override Guidance

Verify that continuous audit log off-loading is configured.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Client" and Verify that a "Client type" is specified.
4. Click the "Upload Schedule" and Verify that "Upload the access log continuously" is selected.

If Symantec ProxySG is not configured to send the access logs to the centralized log server continuously, this is a finding.

Check Content Reference

M

Target Key

3515

Comments