STIGQter: STIG Summary: Palo Alto Networks IDPS Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

To protect against unauthorized data mining, the Palo Alto Networks security platform must detect and prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.

DISA Rule

SV-207701r557390_rule

Vulnerability Number

V-207701

Group Title

SRG-NET-000318-IDPS-00182

Rule Version

PANW-IP-000033

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set a unique hostname.
Go to Device >> Setup >> Management
In the "General Settings" window, select the "Edit" icon (the gear symbol in the upper-right corner of the pane).
In the "General Settings" window, in the "hostname" field, enter a unique hostname.

Check Contents

Go to Objects >> Security Profiles >> Vulnerability Protection

If there are no Vulnerability Protection Profiles configured, this is a finding.

Ask the Administrator which Vulnerability Protection Profile is used to protect application assets by blocking and alerting on attacks.
View the configured Vulnerability Protection Profile; check the "Severity" and "Action" columns.

If the Vulnerability Protection Profile used for database protection does not block all critical, high, and medium threats, this is a finding.

If the Vulnerability Protection Profile used for database protection does not alert on low and informational threats, this is a finding.

Ask the Administrator which Security Policy is used to protect application assets.
Go to Policies >> Security
View the configured Security Policy; view the "Profile" column.

If the "Profile" column does not display the Vulnerability Protection Profile symbol, this is a finding.

Moving the cursor over the symbol will list the exact Vulnerability Protection Profiles applied.

If the specific Vulnerability Protection Profile is not listed, this is a finding.
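
The "Severity" and "Action" part of this check can be scripted against an exported profile. The following is an added example, not part of the STIG or of Palo Alto Networks tooling. It assumes the profile is available as XML in the layout of the constructed sample, that rules filter on severity only and are matched top-down, and that the listed actions are the ones that count as blocking.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile; the element layout is an assumption about the export.
SAMPLE_PROFILE = """<entry name="app-protect"><rules>
  <entry name="block-crit-high">
    <severity><member>critical</member><member>high</member></severity>
    <action><reset-both/></action>
  </entry>
  <entry name="alert-medium">
    <severity><member>medium</member></severity>
    <action><alert/></action>
  </entry>
  <entry name="alert-low-info">
    <severity><member>low</member><member>informational</member></severity>
    <action><alert/></action>
  </entry>
</rules></entry>"""

# Actions counted as "block" here (assumed set). "default" is not counted, since
# the per-signature default cannot be confirmed from the profile alone.
BLOCK_ACTIONS = {"drop", "reset-client", "reset-server", "reset-both", "block-ip"}
MUST_BLOCK = ("critical", "high", "medium")
MUST_ALERT = ("low", "informational")

def effective_actions(profile_xml):
    """Map each severity to the action of the first rule that lists it."""
    actions = {}
    for rule in ET.fromstring(profile_xml).findall("./rules/entry"):
        action = rule.find("action")
        name = action[0].tag if action is not None and len(action) else "default"
        sevs = [m.text for m in rule.findall("./severity/member")]
        if "any" in sevs:
            sevs = MUST_BLOCK + MUST_ALERT
        for sev in sevs:
            actions.setdefault(sev, name)  # first matching rule wins
    return actions

def findings(profile_xml):
    """Return one finding per severity whose action fails the check."""
    actions = effective_actions(profile_xml)
    out = []
    for sev in MUST_BLOCK + MUST_ALERT:
        got = actions.get(sev, "no rule")
        if sev in MUST_BLOCK and got not in BLOCK_ACTIONS:
            out.append(f"{sev}: '{got}' does not block")
        elif sev in MUST_ALERT and got != "alert":
            out.append(f"{sev}: '{got}' does not alert")
    return out
```

Calling findings(SAMPLE_PROFILE) reports the medium-severity rule, which alerts instead of blocking. The Security Policy "Profile" column check still has to be done separately.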

Documentable

False

Severity Override Guidance


Check Content Reference

M

Target Key

2927

Comments