Check: CYLN-OP-000705
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000705 (in version v1 r1)
Title
CylanceON-PREM must be configured to use an external database if users exceed 30,000. (Cat II impact)
Discussion
Exhausting audit log storage will introduce failures in audit logging, which will result in loss of security monitoring information. Satisfies: SRG-APP-000357, SRG-APP-000359
Check Content
If there are less than 30,000 users, this requirement is Not Applicable.

Verify external database. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. View Database Connection Settings.

If no database settings are found, the system was installed with the local database, and default size settings are used, this is a finding.
Fix Text
If there are less than 30,000 users, this requirement is Not Applicable. To install CylanceON-PREM with an external database, configure the virtual appliance during setup to use the chosen external database, specifying details such as the database server address, credentials, and database name, instead of relying on the default internal database included with the appliance. After reinstalling, verify with the database administrator (DBA) that the requirement is met. Refer to https://docs.blackberry.com/en/unified-endpoint-security/cylanceonprem/cylance-on-prem-administration-guide/Configure_CylanceON-PREM_Virtual_Appliance/External_Database_Overview.
Additional Identifiers
Rule ID: SV-272637r1113525_rule
Vulnerability ID: V-272637
Group Title: SRG-APP-000357
CCIs
Number | Definition |
---|---|
CCI-001849 | Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements. |
CCI-001855 | Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity. |