← Back to Arctic Wolf CylanceON-PREM Security Technical Implementation Guide

V-272632

CAT II (Medium)

CylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.

Rule ID

SV-272632r1113445_rule

STIG

Arctic Wolf CylanceON-PREM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000139 CCI-000158 CCI-001348 CCI-001350 CCI-001876 CCI-001683 CCI-001684 CCI-001685 CCI-001686 CCI-002132 CCI-001851 CCI-001858 CCI-002702 CCI-003821 CCI-003831

Discussion

Integrating a Central Log Server for managing audit records enhances security monitoring, incident response, and compliance efforts. By providing centralized logging, real-time analysis, and automated alerting, a Central Log Server allows CylanceON-PREM to maintain a robust security posture and effectively respond to potential threats, ultimately contributing to the organization's overall security strategy. Satisfies: SRG-APP-000108, SRG-APP-000115, SRG-APP-000125, SRG-APP-000126, SRG-APP-000181, SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294, SRG-APP-000320, SRG-APP-000358, SRG-APP-000360, SRG-APP-000474, SRG-APP-000515, SRG-APP-000745, SRG-APP-000795

Check Content

Verify SIEM, Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find Syslog/SIEM.

If Syslog/SIEM is not enabled or the settings are not configured correctly, this is a finding.

Fix Text

Configure SIEM. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find Syslog/SIEM.
4. Click on the edit button beside Syslog/SIEM.
5. Slide the button to enable.
6. Populate the Syslog/SIEM configuration.
7. Click the green check to save.