The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-230943 | FORE-NM-000150 | SV-230943r1111869_rule | Low |
| Description |
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
| Forescout Network Device Management Security Technical Implementation Guide | 2025-06-12 |
Details
| Check Text (C-33873r1111867_chk) |
| Verify the syslog. 1. Log on to Forescout Administrator UI with admin or operator credentials. 2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To. 3. Click the IP address of the site's centralized syslog server. 4. Verify Identity, Facility, and Severity, as required by the SSP, are configured. If the site's syslog server is not configured, this is a finding. |
| Fix Text (F-33846r1111868_fix) |
| Configure the syslog. 1. Log on to Forescout Administrator UI with admin or operator credentials. 2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To. 3. Click "Add". 4. Enter the IP address of the site's centralized syslog. 5. Configure Identity, Facility, and Severity as required by the SSP. |