STIGQter STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jan 2020: The Palo Alto Networks security platform must disable WMI probing if it is not used.

DISA Rule

SV-77049r1_rule

Vulnerability Number

V-62559

Group Title

SRG-NET-000131-ALG-000085

Rule Version

PANW-AG-000036

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To disable WMI probing if it is not used:
Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box.
If it is selected, select the "Edit" icon in the upper-right corner of the pane.
In the "Palo Alto Networks User ID Agent Setup" window, in the "Client Probing" tab, deselect the "Enable Probing" check box.

Check Contents

Ask the Administrator if User-ID uses WMI Probing; if it does, this is not a finding.

Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, this is a finding.

Vulnerability Number

V-62559

Documentable

False

Rule Version

PANW-AG-000036

Severity Override Guidance

Ask the Administrator if User-ID uses WMI Probing; if it does, this is not a finding.

Go to Device >> User Identification
On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, this is a finding.

Check Content Reference

M

Target Key

2809

Comments