Sentry must offload audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251002 | MOIS-ND-000900 | SV-251002r1028240_rule | CCI-001851 | low |
| Description | ||||
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. | ||||
| STIG | Date | |||
| Ivanti Sentry 9.x NDM Security Technical Implementation Guide | 2024-09-25 | |||
Details
Check Text (C-251002r1028240_chk)
Verify Sentry is configured to offload audit records to a different system.
1. Log in to Sentry.
2. Go to Settings >> Syslog.
3. Verify that a syslog server is configured.
If the syslog server is not configured, this is a finding.
Fix Text (F-54391r1004880_fix)
Configure Sentry to forward/offload audit to a different system.
1. Log in to Sentry.
2. Go to Settings >> Syslog.
3. Configure a new syslog server if not already added.
4. Click on the syslog server(s) and in the "Modify Syslog"/"Add Syslog" pop-up dialog, under the "Facility Type", click the checkbox for "Audit".
5. Set the Admin State to "Enable".
6. Click "Apply".