STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018:

The Bromium Enterprise Controller (BEC) must send history.log records to a central log server (i.e., syslog server).

DISA Rule

SV-95155r1_rule

Vulnerability Number

V-80451

Group Title

SRG-APP-000356

Rule Version

BROM-00-000765

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Automatically forward all contents of "history.log" to the site's central log server in real time. 

Install the file monitoring agent that is provided by the site's centralized events server (e.g., syslog, SIEM) and configure to monitor and forward "history.log" (example: C:\Program Data\Bromium\BMS\Logs\history.log). Follow the instructions included with the central log server.

Check Contents

Ask the site representatives if they have developed and implemented a solution for storing the contents of "history.log".

Check that the backup solution has been configured to include the "history.log" files residing on the BEC.

If the BEC does not send "history.log" records to a central log server (i.e., syslog server), this is a finding.

Vulnerability Number

V-80451

Documentable

False

Rule Version

BROM-00-000765

Severity Override Guidance

Ask the site representatives if they have developed and implemented a solution for storing the contents of "history.log".

Check that the backup solution has been configured to include the "history.log" files residing on the BEC.

If the BEC does not send "history.log" records to a central log server (i.e., syslog server), this is a finding.

Check Content Reference

M

Target Key

3375

Comments