STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017:

The Juniper Networks SRX Series Gateway IDPS must send an immediate alert to, at a minimum, the Security Control Auditor (SCA) when malicious code is detected.

DISA Rule

SV-80927r1_rule

Vulnerability Number

V-66437

Group Title

SRG-NET-000249-IDPS-00222

Rule Version

JUSX-IP-000029

Severity

CAT II

CCI(s)

• CCI-001243 - The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Weight

10

Fix Recommendation

This requirement can be met using an alert. Alerts must be enabled and configured and then added to the IDP policy rulebase command as an option. The following is an example of the command that can be added to the IDP policy. The policy is called Malicious-Activity and the rule is called R1 in this example.

[edit]
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 then notification log-attacks alert

Check Contents

Verify an alert is sent when malicious code is detected.

[edit]
show security idp policy

View the rulebase options for the IDP policies.

If the rulebase options for the IDP policies that detect malicious code do not contain the "alert" option, this is a finding.

Vulnerability Number

V-66437

Documentable

False

Rule Version

JUSX-IP-000029

Severity Override Guidance

Verify an alert is sent when malicious code is detected.

[edit]
show security idp policy

View the rulebase options for the IDP policies.

If the rulebase options for the IDP policies that detect malicious code do not contain the "alert" option, this is a finding.

Check Content Reference

M

Target Key

3037

Comments