STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016: STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:SV-80503r1_rule
V-66013
SRG-APP-000496
TMDS-00-000355
CAT II
10
Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to modify security objects occur.
Configure the alert using the Administration >> System Settings >> System Events for successful/unsuccessful attempts to modify security objects. Select the “Record” and “Forward” options for the following:
- Event ID: 116 Rule Update Applied
- Event ID: 180 Alert Type Updated
- Event ID: 191 Alert Changed
- Event ID: Relay Group Assigned to Computer
- Event ID: 290 Group Added
- Event ID: 292 Group Updated
- Event ID: 306 Rebuild Baseline Requested
- Event ID: 352 Policy Updated
- Event ID: 378 Virtual Machine unprotected after move to another ESXi
- Event ID: 412 Firewall Rule Updated
- Event ID: 422 Firewall Stateful Configuration Updated
- Event ID: 462 Application Type Updated
- Event ID: 472 Intrusion Prevention Rule Updated
- Event ID: 482 Integrity Monitoring Rule Updated
- Event ID: 492 Log Inspection Rule Updated
- Event ID: 507 Context Updated
- Event ID: 512 IP List Updated
- Event ID: 522 Port List Updated
- Event ID: 532 MAC List Updated
- Event ID: 542 Proxy Updated
- Event ID: 552 Schedule Updated
- Event ID: 575 Asset Value Updated
- Event ID: 622 Access from Primary Tenant Enabled
- Event ID: 623 Access from Primary Tenant Disabled
- Event ID: 711 Agent Software Deployed
- Event ID: 713 Agent Software Removed
- Event ID: 720 Policy Sent
- Event ID: 734 Computer Clock Change
- Event ID: 942 Auto-Tag Rule Updated
- Event ID: 1502 Malware Scan Configuration Updated
- Event ID: 1512 File Extension List Updated
- Event ID: 1517 File List Updated
- Event ID: 1550 Web Reputation Settings Updated
- Event ID: 1554 Firewall Stateful Configuration Updated
- Event ID: 1555 Intrusion Prevention Configuration Updated
- Event ID: 2002 Scan Cache Configuration Object Updated
Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify security objects occur.
Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to modify security objects.
If the options for “Record” and “Forward” are not enabled for successful/unsuccessful attempts to modify security objects, this is a finding
V-66013
False
TMDS-00-000355
Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify security objects occur.
Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to modify security objects.
If the options for “Record” and “Forward” are not enabled for successful/unsuccessful attempts to modify security objects, this is a finding
M
2955