STIGQter STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

DISA Rule

SV-80389r1_rule

Vulnerability Number

V-65899

Group Title

SRG-APP-000125

Rule Version

TMDS-00-000120

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to back up audit records at least every seven days onto a different system or system component than the system or component being audited.

Configure the application to forward audit records to a log management tool for backup and storage.
Go to Administration >> System Settings >> SIEM
Enable "Forward System Events to a remote computer (via Syslog)"

Configure the following:

Hostname or IP address to which events should be sent
UDP port to which events should be sent
Syslog Facility
Syslog Format

Check Contents

Review the Trend Deep Security server configuration to ensure audit records are backed up at least every seven days onto a different system or system component than the system or component being audited.

Verify the application backup frequency by reviewing the configuration settings in Administration >> System Settings >> SIEM

If the "Forward System Events to a remote computer (via Syslog)" is not enabled with the proper configuration settings, this is a finding.

Vulnerability Number

V-65899

Documentable

False

Rule Version

TMDS-00-000120

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure audit records are backed up at least every seven days onto a different system or system component than the system or component being audited.

Verify the application backup frequency by reviewing the configuration settings in Administration >> System Settings >> SIEM

If the "Forward System Events to a remote computer (via Syslog)" is not enabled with the proper configuration settings, this is a finding.

Check Content Reference

M

Target Key

2955

Comments