Check: ENS-CO-000105
Trellix ENS 10.x STIG: ENS-CO-000105 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Common Options Client Logging must be enabled. (Cat II impact)
Discussion
(U) Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problems.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Verify Client Logging >> "Enable Activity Logging" is selected. If Client Logging >> "Enable Activity Logging" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Select the Client Logging >> "Enable Activity Logging" option. Click "Save".
Additional Identifiers
Rule ID: SV-228228r944442_rule
Vulnerability ID: V-228228
Group Title: SRG-APP-000358
CCIs
Number | Definition |
---|---|
CCI-001851 | The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) | Transfer To Alternate Storage |