STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Dragos Platform 2.x Security Technical Implementation Guide

V-271027

CAT II (Medium)

The Syslog client must use TCP connections.

Rule ID

SV-271027r1130600_rule

STIG

Dragos Platform 2.x Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-001762

Discussion

Removal of unneeded or nonsecure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of Dragos (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or nonsecure.

Check Content

Use the netstat command to display active UDP traffic:
netstat -n -u

If the syslog client is using a UDP connection, this is a finding.

Fix Text

Changing UDP ports to TCP ports and using TCP instead involves modifying the configuration of the application or service that uses UDP for communication.

Modify the syslog client configuration to specify TCP instead of UDP. This may involve changing port numbers or selecting TCP as the communication protocol.

After making the necessary changes, restart the application or service to apply the new configuration settings. This ensures that the syslog client starts using TCP ports instead of UDP ports.