← Back to ForeScout CounterACT NDM Security Technical Implementation Guide

V-255630

CAT III (Low)

CounterACT must generate audit log events for a locally developed list of auditable events.

Rule ID

SV-255630r961863_rule

STIG

ForeScout CounterACT NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Check Content

Determine if CounterACT generates audit log events for a locally developed list of auditable events.

1. Open the CounterACT Console.
2. Select Tools >> Options >> Plugin.
3. Select the Syslog Plugin.
4. Select CounterACT or the Enterprise Manager appliance you would like to verify.
5. Verify additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs".

If CounterACT is not configured to generate audit log events for a locally developed list of auditable events, this is a finding.

Fix Text

Configure CounterACT to generate audit log events for a locally developed list of auditable events.

1. Open the CounterACT Console.
2. Select Tools >> Options >> Plugin.
3. Select the Syslog Plugin.
4. Select CounterACT or the Enterprise Manager appliance you would like to verify.
5. Ensure additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs".