Check: GSAP-00-000285
Google Search Appliance STIG: GSAP-00-000285 (in version v1 r1)
Title
The Google Search Appliance must be capable of taking organization-defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure). (Cat II impact)
Discussion
It is critical that when a system is at risk of failing to process audit logs as required, it detects and takes action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Applications are required to be capable of either directly performing, or calling system-level functionality that performs, defined actions upon detection of an application audit log processing failure.
Check Content
Open the GSA Web Admin Console at https://<your GSA IP or hostname>:8443. Log in to the GSA management interface. Navigate to "Administration", select "System Settings". If valid email addresses are entered, this is not a finding.
Fix Text
Open the GSA Web Admin Console at https://<your GSA IP or hostname>:8443. Log in to the GSA management interface. Navigate to "Administration", select "System Settings". Enter the valid email addresses to which audit failures must be sent for review.
Additional Identifiers
Rule ID: SV-75203r1_rule
Vulnerability ID: V-60751
Group Title: SRG-APP-000109
CCIs
Number | Definition |
---|---|
CCI-000140 | The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records). |
Controls
Number | Title |
---|---|
AU-5 | Response To Audit Processing Failures |