The Central Log Server must implement the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-263567	SRG-APP-000790-AU-000210	SV-263567r982421_rule		Medium

Description

Events of interest can be identified by the content of audit records, including system resources involved, information objects accessed, identities of individuals, event types, event locations, event dates and times, Internet Protocol addresses involved, or event success or failure. Organizations may define event criteria to any degree of granularity required, such as locations selectable by a general networking location or by specific system component.

STIG	Date
Central Log Server Security Requirements Guide	2024-12-04

Details

Check Text (C-67467r982420_chk)

Verify the Central Log Server is configured to implement the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records.

If the Central Log Server is not configured to implement the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records, this is a finding.

Fix Text (F-67375r981785_fix)

Configure the Central Log Server to implement the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records.