Check: AADC-AG-000113
A10 Networks ADC ALG STIG:
AADC-AG-000113
(in versions v2 r1 through v1 r1)
Title
The A10 Networks ADC must enable logging for packet anomaly events. (Cat II impact)
Discussion
Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. Since these incidents require immediate action, these messages are assigned a critical or level 1 priority/severity, depending on the system's priority schema. These systems must generate an alert when detection events from real-time monitoring occur. Alerts may be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. The device must either send the alert to a management console that is actively monitored by authorized personnel or use a messaging capability to send the alert directly to designated personnel. The A10 Networks ADC must be configured to generate a log message when IP anomalies are detected.
Check Content
Review the device configuration. The following command displays the device configuration and filters the output on the string "log": show run | inc log If the output does not include the command "system anomaly log", this is a finding.
Fix Text
The following command enables logging of packet anomaly events: system anomaly log
Additional Identifiers
Rule ID: SV-237054r639609_rule
Vulnerability ID: V-237054
Group Title: SRG-NET-000392-ALG-000141
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002664 |
The information system alerts organization-defined personnel or roles when organization-defined compromise indicators reflect the occurrence of a compromise or a potential compromise. |
Controls
Number | Title |
---|---|
SI-4 (5) |
System-Generated Alerts |