STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016: STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:SV-80513r1_rule
V-66023
SRG-APP-000501
TMDS-00-000375
CAT II
10
Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to delete security objects occur.
Configure the alert using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects. Select the “Record” and “Forward” options for the following:
- Event ID: 124 Rule Update Deleted
- Event ID: 152 Software Deleted
- Event ID: 295 Interface Deleted
- Event ID: 296 Interface IP Deleted
- Event ID: 331 SSL Configuration Deleted
- Event ID: 351 Policy Deleted
- Event ID: 411 Firewall Rule Deleted
- Event ID: 421 Firewall Stateful Configuration Deleted
- Event ID: 461 Application Type Deleted
- Event ID: 471 Intrusion Prevention Rule Deleted
- Event ID: 481 Integrity Monitoring Rule Deleted
- Event ID: 491 Log Inspection Rule Deleted
- Event ID: 496 Log Inspection Decoder Deleted
- Event ID: 506 Context Deleted
- Event ID: 574 Asset Value Deleted
- Event ID: 593 Relay Group Deleted
- Event ID: 595 Event-Based Task Deleted
- Event ID: 931 Certificate Deleted
- Event ID: 941 Auto-Tag Rule Deleted
- Event ID: 943 Tag Deleted
- Event ID: 1501 Malware Scan Configuration Deleted
- Event ID: 1501 Malware Scan Configuration Deleted
- Event ID: 1511 File Extension List Deleted
- Event ID: 1516 File List Deleted
- Event ID: 1951 Tenant Deleted
- Event ID: 1954 Tenant Database Server Deleted
Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to delete security objects occur.
Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects.
If the “Record” and “Forward" options for are not enabled for successful/unsuccessful attempts to delete security objects, this is a finding.
V-66023
False
TMDS-00-000375
Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to delete security objects occur.
Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects.
If the “Record” and “Forward" options for are not enabled for successful/unsuccessful attempts to delete security objects, this is a finding.
M
2955