The IDPS must produce audit records containing information to establish the source of the event, including, at a minimum, originating source address.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-206870 | SRG-NET-000077-IDPS-00062 | SV-206870r382864_rule | CCI-000133 | medium |
| Description | ||||
| Associating the source of the event with detected events in the logs provides a means of investigating an attack or suspected attack. While auditing and logging are closely related, they are not the same. Logging is recording data about events that take place in a system, while auditing is the use of log records to identify security-relevant information such as system or user accesses. In short, log records are audited to establish an accurate history. Without logging, it would be impossible to establish an audit trail. | ||||
| STIG | Date | |||
| Intrusion Detection and Prevention Systems Security Requirements Guide | 2025-05-19 | |||
Details
Check Text (C-206870r382864_chk)
Verify configuration produces audit records containing information to establish the source of the event, including, at a minimum, originating source address.
If the IDPS does not produce audit records containing information to establish the source of the event, including, at a minimum, originating source address, this is a finding.
Fix Text (F-7124r298123_fix)
Configure the IDPS to produce audit records containing information to establish the source of the event, including, at a minimum, originating source address.