Ax-OS must off-load audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-276014 | AXOS-00-000070 | SV-276014r1122692_rule | CCI-001851 | high |

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-APP-000358, SRG-APP-000086, SRG-APP-000090, SRG-APP-000097, SRG-APP-000108, SRG-APP-000111, SRG-APP-000115, SRG-APP-000116, SRG-APP-000118, SRG-APP-000120, SRG-APP-000121, SRG-APP-000122, SRG-APP-000123, SRG-APP-000125, SRG-APP-000181, SRG-APP-000267, SRG-APP-000275, SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294, SRG-APP-000320, SRG-APP-000357, SRG-APP-000359, SRG-APP-000360, SRG-APP-000362, SRG-APP-000363, SRG-APP-000364, SRG-APP-000365, SRG-APP-000366, SRG-APP-000367, SRG-APP-000368, SRG-APP-000369, SRG-APP-000370, SRG-APP-000376, SRG-APP-000515, SRG-APP-000745, SRG-APP-000750, SRG-APP-000755, SRG-APP-000760, SRG-APP-000765, SRG-APP-000770, SRG-APP-000775, SRG-APP-000780, SRG-APP-000785, SRG-APP-000790, SRG-APP-000795, SRG-APP-000800, SRG-APP-000945, SRG-APP-000950, SRG-APP-000955

| STIG | Date |
| --- | --- |
| Axonius Federal Systems Ax-OS Security Technical Implementation Guide | 2025-11-25 |

Details
Check Text (C-276014r1122692_chk)
Select the gear icon (System Settings) >> External Integrations >> Syslog.
Under the Syslog menu, if the "Use Syslog" slide bar is not selected, this is a finding.
Under the Syslog menu, if "Syslog instance" has not been configured for an external log server (or it has not otherwise been proven that Syslog is being captured by an external log server), this is a finding.
Fix Text (F-80057r1122691_fix)
Select the gear icon (System Settings) >> External Integrations >> Syslog.
Under the Syslog menu, enable "Use Syslog".
Under the Syslog menu, configure "Syslog instance" for an external log server.