An error occurred:

Check: SRG-APP-000181-AS-000255

Application Server SRG: SRG-APP-000181-AS-000255 (in versions v3 r4 through v2 r4)

Title

The application server must provide a log reduction capability that supports on-demand reporting requirements. (Cat II impact)

Discussion

The ability to generate on-demand reports, including after the log data has been subjected to log reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. Log reduction is a process that manipulates collected log information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as needed) reports. Instead of the application server providing the log reduction function; it is also accepted practice to configure the application server to send its logs to a centralized log system that can be used to provide the log reduction with reporting capability. Security Incident Event Management (SIEM) systems are an example of such a solution. To fully understand and investigate an incident within the components of the application server, the application server, must be configured to provide log reduction and on-demand reporting or be configured to send its logs to a centralized log system.

Check Content

Review application server product documentation and server configuration to determine if the application server is configured to provide log reduction with on-demand reporting. If the application server is not configured to provide log reduction with on-demand reporting, or is not configured to send its logs to a centralized log system, this is a finding.

Fix Text

Configure the application server to provide and utilize log reduction with on-demand reporting or configure the application server to send its logs to a centralized log log system that provides log reduction and on-demand reporting functions.

Additional Identifiers

Rule ID: SV-204759r879618_rule

Vulnerability ID: V-204759

Group Title: SRG-APP-000181

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001876

The information system provides an audit reduction capability that supports on-demand reporting requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-7

Audit Reduction And Report Generation