Sentry must offload audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251002 | MOIS-ND-000900 | SV-251002r1028240_rule | CCI-001851 | low |
| Description | ||||
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. | ||||
| STIG | Date | |||
| Ivanti Sentry 9.x NDM Security Technical Implementation Guide | 2024-09-25 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-4(1)
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001851
1.00
- DISA · V3R1 · disa_xccdf · related
Details
Check Text (C-251002r1028240_chk)
Verify Sentry is configured to offload audit records to a different system.
1. Log in to Sentry.
2. Go to Settings >> Syslog.
3. Verify that a syslog server is configured.
If the syslog server is not configured, this is a finding.
Fix Text (F-54391r1004880_fix)
Configure Sentry to forward/offload audit to a different system.
1. Log in to Sentry.
2. Go to Settings >> Syslog.
3. Configure a new syslog server if not already added.
4. Click on the syslog server(s) and in the "Modify Syslog"/"Add Syslog" pop-up dialog, under the "Facility Type", click the checkbox for "Audit".
5. Set the Admin State to "Enable".
6. Click "Apply".