CylanceON-PREM must be configured to use an external database if users exceed 30,000.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-272637 | CYLN-OP-000705 | SV-272637r1113525_rule | Medium |
| Description |
| Exhausting audit log storage will introduce failures in audit logging, which will result in loss of security monitoring information. Satisfies: SRG-APP-000357, SRG-APP-000359 |
| STIG | Date |
| Arctic Wolf CylanceON-PREM Security Technical Implementation Guide | 2025-06-11 |
Details
| Check Text (C-76718r1113523_chk) |
| If there are less than 30,000 users, this requirement is Not Applicable. Verify external database. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. View Database Connection Settings. If no database settings are found, the system was installed with the local database, and default size settings are used, this is a finding. |
| Fix Text (F-76623r1113524_fix) |
| If there are less than 30,000 users, this requirement is Not Applicable. To install CylanceON-PREM with an external database, configure the virtual appliance during setup to use the chosen external database, specifying details such as the database server address, credentials, and database name, instead of relying on the default internal database included with the appliance. After reinstalling, verify with the database administrator (DBA) that the requirement is met. Refer to https://docs.blackberry.com/en/unified-endpoint-security/cylanceonprem/cylance-on-prem-administration-guide/Configure_CylanceON-PREM_Virtual_Appliance/External_Database_Overview. |