Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.

Overview

Finding ID: V-251006
Version: MOIS-ND-000980
Rule ID: SV-251006r1028244_rule
IA Controls: CCI-002605
Severity: high
Description
Without syslog enabled, it will be difficult for an ISSO to correlate user behavior and identify potential threats within the logs.

STIG: Ivanti Sentry 9.x NDM Security Technical Implementation Guide
Date: 2024-09-25

Related Frameworks

5 paths across 3 frameworks
NIST 800-53: 1 mapping
SI-2
1.00
  • DISA · V3R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171: 3 mappings
3.14.1
1.00
  • DISA · V3R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.14.2
1.00
  • DISA · V3R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.14.3
1.00
  • DISA · V3R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI: 1 mapping
CCI-002605
1.00
  • DISA · V3R1 · disa_xccdf · related

Details

Check Text (C-251006r1028244_chk)

To identify/validate Sentry support for syslog forwarding, follow the navigation steps below.

1. Log in to the Sentry.
2. Navigate to "Settings".
3. Scroll down to "Syslog".
4. Verify that a syslog server has been configured correctly.
   a. Verify Server IP address.
   b. Verify Port.
   c. Verify Facility Types.
   d. Verify Admin state is enabled.

If syslog forwarding has not been implemented, this is a finding.

Fix Text (F-54395r1004892_fix)

Configure the Sentry to forward syslog data using the steps below. Refer to "Sentry Guide for Core", section "Syslog", page 140.

1. Log in to the Sentry.
2. Navigate to "Settings".
3. Scroll down to "Syslog".
4. If there is no syslog server entry, ADD the server:
   a. Add Server IP address.
   b. Add Port.
   c. Select/add Facility Types and Log Levels.
   d. Enable Admin state.