SV-90877r1_rule
V-76189
SRG-NET-000511-ALG-000051
CACT-AG-000014
CAT II
10
Configure CounterACT to off-load onto a centralized log server in real time.
1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> Plugins >> Syslog.
3. Ensure a Syslog server is configured in the "Send To" tab.
4. On the Events Filtering tab, ensure all radio buttons associated with NAC Events, Threat Protection, System Logs, User Operations, and Operating systems messages are selected.
Verify CounterACT off-loads audit records onto a centralized log server in real time.
1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> Plugins >> Syslog.
3. Verify a Syslog server is configured in the "Send To" tab.
4. On the Events Filtering tab, verify all radio buttons associated with NAC Events, Threat Protection, System Logs, User Operations, and Operating systems messages are selected.
If CounterACT does not off-load onto a centralized log server in real time, this is a finding.
V-76189
False
CACT-AG-000014
M
3223