Check: CYLN-OP-000575
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000575 (in version v1 r1)
Title
CylanceON-PREM must enforce that all files accessed are evaluated against the AI model for potential threats. (Cat II impact)
Discussion
CylanceON-PREM enforces file evaluations against its AI model to ensure proactive, predictive, and comprehensive security. Failure to scan files introduces a potential risk to the system.
Check Content
Verify Background Threat Detection and File Watcher settings are enabled. Administrator rights are required.

1. Log in to the admin console.
2. Navigate to POLICIES.
3. Click on each device policy.

If Background Threat Detection or File Watcher settings are disabled, this is a finding.

If there are no enabled policies, this is a finding.
Fix Text
Configure Background Threat Detection and File Watcher settings to enabled. Administrator rights are required.

1. Log in to the admin console.
2. Navigate to POLICIES.
3. Under "Action", choose "Edit".
4. Enable "Background Threat Detection".
5. Enable "File Watcher".
6. Click "Save Policy & Finish".
Additional Identifiers
Rule ID: SV-272635r1112755_rule
Vulnerability ID: V-272635
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |