Check: NET1289
Network - Firewall:
NET1289
(in versions v8 r25 through v8 r21)
Title
Network device logs must include source IP, destination IP, port, protocol used and action taken. (Cat III impact)
Discussion
Network device logs can be used for forensic analysis in support of an incident, as well as to aid normal traffic analysis.
Check Content
Review the active logs and verify the source IP, destination IP, port, protocol used and action taken are recorded fields in the event record. If logs do not include the source IP, destination IP, port, or protocol, this is a finding.
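One way to automate this review, as an added example that is not part of the original check: the script reads key=value log records and reports which of the five fields each record lacks. The log layout, the field-name aliases and the sample records are assumptions; adjust them to the firewall's actual log format.

```python
import re

# Hypothetical field-name aliases; real names depend on the firewall vendor's log format.
ALIASES = {
    "source IP": ("src", "srcip"),
    "destination IP": ("dst", "dstip"),
    "port": ("dpt", "dstport"),
    "protocol": ("proto", "protocol"),
    "action taken": ("action",),
}
# The check's finding sentence names these four; "action taken" is still verified.
FINDING_FIELDS = ("source IP", "destination IP", "port", "protocol")

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def missing_fields(line):
    """Return the required fields that are absent or empty in one log record."""
    kv = {k.lower(): v.strip('"') for k, v in KV.findall(line)}
    return [name for name, keys in ALIASES.items()
            if not any(kv.get(k) for k in keys)]

def review(lines):
    """Map record number -> missing fields, for records that are incomplete."""
    report = {}
    for n, line in enumerate(lines, 1):
        gaps = missing_fields(line)
        if gaps:
            report[n] = gaps
    return report

def is_finding(report):
    """True if any record lacks a field named in the check's finding sentence."""
    return any(f in FINDING_FIELDS for gaps in report.values() for f in gaps)

# Constructed sample records (documentation address ranges), not real firewall output.
SAMPLE = [
    "2024-05-01T10:00:01Z fw01 action=deny proto=tcp src=192.0.2.10 dst=198.51.100.5 dpt=445",
    "2024-05-01T10:00:02Z fw01 action=allow proto=udp src=192.0.2.11 dst=198.51.100.9",
    "2024-05-01T10:00:03Z fw01 proto=tcp src=192.0.2.12 dst=198.51.100.5 dpt=22",
]

if __name__ == "__main__":
    result = review(SAMPLE)
    for n, gaps in result.items():
        print(f"record {n}: missing {', '.join(gaps)}")
    print("finding" if is_finding(result) else "not a finding")
```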
Fix Text
Ensure the firewall logs include the source IP, destination IP, port, protocol used and action taken.
Additional Identifiers
Rule ID:
Vulnerability ID: V-25891
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |