Check: SRG-OS-000038-VMM-000160
Virtual Machine Manager SRG:
SRG-OS-000038-VMM-000160
(in versions v2 r2 through v1 r3)
Title
The VMM must produce audit records containing information to establish when (date and time) the events occurred. (Cat II impact)
Discussion
Without establishing when events occurred, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know when events occurred (date and time). Associating event types with detected events in the VMM audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured VMM.
Check Content
Verify the VMM produces audit records containing information to establish when (date and time) the events occurred. If it does not, this is a finding.
Fix Text
Configure the VMM to produce audit records containing information to establish when (date and time) the events occurred.
Additional Identifiers
Rule ID: SV-207353r958414_rule
Vulnerability ID: V-207353
Group Title: SRG-OS-000038
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000131 |
Ensure that audit records containing information that establishes when the event occurred. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content of Audit Records |