Check: SRG-APP-000358-UEM-000228
Unified Endpoint Management Agent SRG:
SRG-APP-000358-UEM-000228
(in version v1 r0.1)
Title
The UEM server must be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Check Content
Verify the UEM server transfers UEM server logs to another server for storage, analysis, and reporting. If the UEM server does not transfer UEM server logs to another server for storage, analysis, and reporting, this is a finding. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Fix Text
Configure the UEM server to be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Additional Identifiers
Rule ID: SRG-APP-000358-UEM-000228_rule
Vulnerability ID: SRG-APP-000358-UEM-000228
Group Title: SRG-APP-000358-UEM-000228
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) |
Transfer to Alternate Storage |