
V-271070

CAT II (Medium)

The Dragos Platform must alert the information system security officer (ISSO), information system security manager (ISSM), and other individuals designated by the local organization when events are detected that indicate a compromise or potential for compromise.

Rule ID

SV-271070r1107133_rule

STIG

Dragos Platform 2.x Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-002664

Discussion

When a security event occurs, the Dragos Platform must immediately notify the appropriate support personnel so they can respond appropriately. Alerts may be generated from a variety of sources, including audit records or inputs from malicious code protection mechanisms, intrusion detection mechanisms, or prevention mechanisms. Indicators of compromise (IOCs) are forensic artifacts from intrusions that are identified on organizational information systems (at the host or network level). IOCs provide organizations with valuable information on objects or information systems that have been compromised. These indicators reflect the occurrence of a compromise or a potential compromise.

Check Content

1. Check Server Configuration.

If using Syslog Server:
Verify third-party server is used to receive communication-related notifications.
Check for a configured Syslog Server.
In the UI, navigate to Admin >> Integrations.
Click "LAUNCH" in the Syslog section.

If no server is configured or the status is not "Connected", this is a finding.

If no recipient is configured, this is a finding.

2. Check Rules:
Navigate to Notification >> RULES Tab.
Verify a rule exists with the following:
Action = "Send (<your syslog server>)"
Criteria = "Notification Type Equals System" and "Notification Type Equals System Failure"

If a rule does not exist with the correct Action and Criteria, this is a finding.

Fix Text

1. Configure Servers.
If using Syslog Server:
Create a Syslog server on a third-party device.
The steps may vary depending on the chosen Syslog server software. Refer to 2.3.x Dragos Platform Syslog Integration Guide in the Customer Portal for additional help.

Create a syslog server output in the Dragos UI.
Navigate to Admin >> Integrations.
Click "LAUNCH" in the Syslog section.
Click "ADD NEW SERVER".
Enter third-party server information and click "NEXT".
Input Message Template.
Click "SAVE".

2. Create System Rules:
Navigate to Notification >> RULES Tab.
Click "NEW RULE".
Fill in Name and Processing Order.

Create two Attributes.
Click "ADD ATTRIBUTE" in the "If ANY of the following" block:
Type = "Notification Type"
Select Operation = "Equals"
Select Value = "System"

Click "ADD ATTRIBUTE" in the "If ANY of the following" block:
Type = "Notification Type"
Select Operation = "Equals"
Select Value = "System failure"

In the "THEN perform the following actions" block:
Click "ADD ACTION".
Action = "Send (<your syslog server>)"

Click "SAVE".
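The check and fix text above reduce to three finding conditions (a connected Syslog server, a configured recipient, and a rule that sends both System and System Failure notifications to that server). The following is an added example, not Dragos Platform code: it evaluates those conditions over a configuration snapshot. The dictionary layout is a constructed stand-in, not a Dragos export format, so a real export must be mapped onto it first.

```python
# Added example (not Dragos code): evaluate the V-271070 finding conditions
# over a configuration snapshot. The dict layout is a constructed stand-in,
# not a Dragos Platform export format; map a real export onto it first.

REQUIRED_CRITERIA = {
    ("Notification Type", "Equals", "system"),
    ("Notification Type", "Equals", "system failure"),
}


def evaluate_v271070(config):
    """Return the list of findings; an empty list means the check passes."""
    findings = []
    servers = config.get("syslog_servers", [])
    if not any(s.get("status") == "Connected" for s in servers):
        findings.append("no Syslog server configured or status is not Connected")
    if not any(s.get("recipient") for s in servers):
        findings.append("no recipient configured")

    server_names = {s["name"] for s in servers}
    for rule in config.get("notification_rules", []):
        # Values are compared case-insensitively: the check text says
        # "System Failure" while the fix text says "System failure".
        criteria = {(a["type"], a["operation"], a["value"].strip().lower())
                    for a in rule.get("if_any", [])}
        sends_to_syslog = any(act["action"] == "Send" and act["target"] in server_names
                              for act in rule.get("then", []))
        if sends_to_syslog and REQUIRED_CRITERIA <= criteria:
            break  # a compliant rule exists
    else:
        findings.append("no rule sends System and System Failure notifications to syslog")
    return findings


# Constructed sample snapshots (hypothetical names/addresses) for a compliant
# platform and one with a disconnected server and an incomplete rule.
COMPLIANT = {
    "syslog_servers": [{"name": "siem-collector", "status": "Connected",
                        "recipient": "192.0.2.10:514"}],
    "notification_rules": [{"name": "Forward system events", "if_any": [
        {"type": "Notification Type", "operation": "Equals", "value": "System"},
        {"type": "Notification Type", "operation": "Equals", "value": "System failure"}],
        "then": [{"action": "Send", "target": "siem-collector"}]}],
}
NONCOMPLIANT = {
    "syslog_servers": [{"name": "siem-collector", "status": "Disconnected",
                        "recipient": "192.0.2.10:514"}],
    "notification_rules": [{"name": "Partial rule", "if_any": [
        {"type": "Notification Type", "operation": "Equals", "value": "System"}],
        "then": [{"action": "Send", "target": "siem-collector"}]}],
}
```

Running `evaluate_v271070(NONCOMPLIANT)` reports two findings (server not Connected, no complete rule), while the compliant snapshot returns an empty list.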