STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Trend Micro Deep Security 9.x Security Technical Implementation Guide

V-241179

CAT II (Medium)

Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete security objects occur.

Rule ID

SV-241179r879872_rule

STIG

Trend Micro Deep Security 9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000172

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter).

Check Content

Review the Trend Deep Security server configuration to ensure audit records are generated when successful/unsuccessful attempts to delete security objects occur.

Review the system using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects. 

If the “Record” and “Forward" options for are not enabled for successful/unsuccessful attempts to delete security objects, this is a finding.

Fix Text

Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to delete security objects occur.

Configure the alert using the Administration >> System Settings >> System Events tab for successful/unsuccessful attempts to delete security objects. Select the  “Record” and “Forward” options for the following:

- Event ID: 124  Rule Update Deleted  
- Event ID: 152  Software Deleted  
- Event ID: 295  Interface Deleted  
- Event ID: 296  Interface IP Deleted  
- Event ID: 331  SSL Configuration Deleted  
- Event ID: 351  Policy Deleted  
- Event ID: 411  Firewall Rule Deleted  
- Event ID: 421  Firewall Stateful Configuration Deleted  
- Event ID: 461  Application Type Deleted  
- Event ID: 471  Intrusion Prevention Rule Deleted  
- Event ID: 481  Integrity Monitoring Rule Deleted  
- Event ID: 491  Log Inspection Rule Deleted  
- Event ID: 496  Log Inspection Decoder Deleted  
- Event ID: 506  Context Deleted  
- Event ID: 574  Asset Value Deleted  
- Event ID: 593  Relay Group Deleted  
- Event ID: 595  Event-Based Task Deleted  
- Event ID: 931  Certificate Deleted  
- Event ID: 941  Auto-Tag Rule Deleted 
- Event ID: 943  Tag Deleted  
- Event ID: 1501  Malware Scan Configuration Deleted  
- Event ID: 1501  Malware Scan Configuration Deleted  
- Event ID: 1511  File Extension List Deleted  
- Event ID: 1516  File List Deleted 
- Event ID: 1951  Tenant Deleted  
- Event ID: 1954  Tenant Database Server Deleted