Check: TIDX-CL-000003
Trellix TIE/DXL STIG: TIDX-CL-000003 (in versions v3 r1 through v2 r3)
Title
The Trellix Data Exchange Layer (DXL) Client policy for all managed systems debug logging must be disabled under client log settings. (Cat II impact)
Discussion
This policy configures the DXL client to continually log debug data. While debug log data is necessary for troubleshooting a client that is not functioning properly, the abundance of data collected is not necessary when the client is functioning as designed. As the data accumulated from debug logging can be extensive in a production environment, leaving the logging in that mode would be counterproductive. Enabling debug logging to troubleshoot a malfunctioning client would be deemed acceptable, assuming a return to disabled after troubleshooting.
Check Content
This check must be completed for the active Trellix DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Client Log Settings, verify the check box for "Enable debug logging" is not selected. If the check box for "Enable debug logging" is selected, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Client Log Settings, deselect the check box for "Enable debug logging".
Additional Identifiers
Rule ID: SV-221993r961860_rule
Vulnerability ID: V-221993
Group Title: SRG-APP-000515
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |