Check: ENS-CO-000105
Trellix ENS 10.x STIG: ENS-CO-000105 (in versions v3 r2 through v2 r5)
Title
(U) The Trellix ENS Common Options Client Logging must be enabled. (Cat II impact)
Discussion
(U) Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problems.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Verify Client Logging >> "Enable Activity Logging" is selected. If Client Logging >> "Enable Activity Logging" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Select the Client Logging >> "Enable Activity Logging" option. Click "Save".
Additional Identifiers
Rule ID: SV-228228r961395_rule
Vulnerability ID: V-228228
Group Title: SRG-APP-000358
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |