Title

The Google Search Appliance must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications. (Cat II impact)

Discussion

Applications will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within the application. This information can then be used for diagnostic purposes, forensics purposes or other purposes relevant to ensuring the availability and integrity of the application. While it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. Solutions that include a manual notification procedure do not offer the reliability and speed of an automated notification solution. Applications must employ automated mechanisms to alert security personnel of inappropriate or unusual activities that have security implications. If this capability is not built directly into the application, the application must be able to integrate with existing security infrastructure that provides this capability.

Check Content

Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.

Fix Text

Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.

Additional Identifiers

Rule ID: SV-75245r1_rule

Vulnerability ID: V-60793

Group Title: SRG-APP-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.