STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Intrusion Detection and Prevention Systems Security Requirements Guide

V-206874

CAT II (Medium)

The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.

Rule ID

SV-206874r382879_rule

STIG

Intrusion Detection and Prevention Systems Security Requirements Guide

Version

V3R4

CCIs

CCI-000154

Discussion

Centralized review and analysis of log records from multiple IDPS components gives the organization the capability to better detect distributed attacks and provides increased data points for behavior analysis techniques. These techniques are invaluable in monitoring for indicators of complex attack patterns. To support the centralized analysis capability, the IDPS components must be able to provide the information in a format (e.g., Syslog) that can be extracted and used, allowing the application to effectively review and analyze the log records.

Check Content

Verify the IDPS provides log information in a format that can be extracted and used by centralized analysis tools.

If the IDPS does not provide log information in a format that can be extracted and used by centralized analysis tools, this is a finding.

Fix Text

Configure the IDPS to provide log information in a format that can be extracted and used by centralized analysis tools.