STIGQter STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security levels occur.

DISA Rule

SV-80507r1_rule

Vulnerability Number

V-66017

Group Title

SRG-APP-000497

Rule Version

TMDS-00-000360

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to modify security levels occur.

Configure the alert using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to modify security levels. Select the “Record” and “Forward” options for the following:

- Event ID: 253 Policy Assigned to Computer
- Event ID: 350 Policy Created
- Event ID: 352 Policy Updated
- Event ID: 720 Policy Sent
- Event ID: 410 Firewall Rule Created
- Event ID: 420 Firewall Stateful Configuration Created
- Event ID: 460 Application Type Created
- Event ID: 470 Intrusion Prevention Rule Created
- Event ID: 480 Integrity Monitoring Rule Created
- Event ID: 490 Log Inspection Rule Created
- Event ID: 495 Log Inspection Decoder Created
- Event ID: 573 Asset Value Created
- Event ID: 1500 Malware Scan Configuration Created
- Event ID: 1510 File Extension List Created

Check Contents

Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify security levels occur.

Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to modify security levels.

If the “Record” and “Forward” options for successful/unsuccessful attempts to modify security levels are not enabled, this is a finding.

Vulnerability Number

V-66017

Documentable

False

Rule Version

TMDS-00-000360

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to modify security levels occur.

Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to modify security levels.

If the “Record” and “Forward” options for successful/unsuccessful attempts to modify security levels are not enabled, this is a finding.

Check Content Reference

M

Target Key

2955

Comments