STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016

Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify privileges occur.

DISA Rule

SV-80501r1_rule

Vulnerability Number

V-66011

Group Title

SRG-APP-000495

Rule Version

TMDS-00-000350

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to modify privileges occur.

Configure the alert using the Administration >> System Settings >> System Events for the successful/unsuccessful attempts to delete privileges. Select the “Record” and “Forward” options for the following:

- Event ID: 102 Trend Micro Deep Security Customer Account Changed
- Event ID: 130 Credentials Generated
- Event ID: 131 Credential Generation Failed
- Event ID: 290 Group Added
- Event ID: 291 Group Removed
- Event ID: 652 User Updated
- Event ID: 660 Role Created
- Event ID: 651 User Deleted
- Event ID: 661 Role Deleted
- Event ID: 662 Role Updated
- Event ID: 663 Roles Imported
- Event ID: 1900 Cloud Account Added
- Event ID: 1901 Cloud Account Removed
- Event ID: 1902 Cloud Account Updated

Check Contents

Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify privileges occur.

Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete privileges.

If the options for “Record” and “Forward” are not enabled for successful/unsuccessful attempts to delete privileges, this is a finding.

Documentable

False

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify privileges occur.

Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete privileges.

If the options for “Record” and “Forward” are not enabled for successful/unsuccessful attempts to delete privileges, this is a finding.

Check Content Reference

M

Target Key

2955
