STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016: STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:SV-80459r1_rule
V-65969
SRG-APP-000358
TMDS-00-000265
CAT II
10
Configure the Trend Deep Security server to off-load audit records onto a different system or media than the system being audited.
To configure the Manager to instruct all managed computers to use Syslog:
1. Go to the Administration >> System Settings >> SIEM tab.
2. In the System Event Notification (from the Manager) area, set the Forward System Events to a remote computer (via Syslog) option.
3. Type the hostname or the IP address of the Syslog computer.
4. Enter which UDP port to use (usually 514).
5. Select which Syslog facility to use.
6. Select the "Common Event Format" log format. (The "Basic Syslog" format is listed only for legacy support and should not be used for new integrations.)
Review the Trend Deep Security server configuration to ensure audit records are off-loaded onto a different system or media than the system being audited.
Verify that audit records are off-loaded by configuring the Manager to instruct all managed computers to use Syslog:
1. Go to the Administration> > System Settings >> SIEM tab.
2. In the System Event Notification (from the Manager) area, verify the “Forward System Events to a remote computer (via Syslog) option” is Enabled.
3. Verify the IP address to the selected host name is entered.
4. Verify UDP port 514 or agency selected port is provided.
5. Verify the appropriate Syslog facility and Common Event Settings
If any of these settings are missing from the SIEM configuration, this is a finding.
V-65969
False
TMDS-00-000265
Review the Trend Deep Security server configuration to ensure audit records are off-loaded onto a different system or media than the system being audited.
Verify that audit records are off-loaded by configuring the Manager to instruct all managed computers to use Syslog:
1. Go to the Administration> > System Settings >> SIEM tab.
2. In the System Event Notification (from the Manager) area, verify the “Forward System Events to a remote computer (via Syslog) option” is Enabled.
3. Verify the IP address to the selected host name is entered.
4. Verify UDP port 514 or agency selected port is provided.
5. Verify the appropriate Syslog facility and Common Event Settings
If any of these settings are missing from the SIEM configuration, this is a finding.
M
2955