Check: CYLN-OP-000560
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000560 (in version v1 r1)
Title
CylanceON-PREM must be configured to send alerts via Simple Mail Transfer Protocol (SMTP). (Cat II impact)
Discussion
Failure to notify personnel of failed tests introduces a risk to the system. Without notification, corrective action will not be taken and the unsecure condition(s) will remain.

Satisfies: SRG-APP-000275, SRG-APP-000279, SRG-APP-000940
Check Content
Verify SMTP Settings. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find SMTP.

If SMTP is not enabled, this is a finding.

If SMTP settings are not populated and event type notifications are not enabled, this is a finding.
Fix Text
Configure SMTP Settings. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find SMTP and click on the edit button.
4. Slide the button to enable.
5. Populate the Syslog/SIEM configuration.
6. Click the green check to save.
Additional Identifiers
Rule ID: SV-272634r1113494_rule
Vulnerability ID: V-272634
Group Title: SRG-APP-000275
CCIs
Number | Definition |
---|---|
CCI-001243 | Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection. |
CCI-001294 | Alert organization-defined personnel or roles of failed security verification tests. |
CCI-004966 | Configure malicious code protection mechanisms to send alerts to organization-defined personnel in response to malicious code detection. |