The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.

Severity: low
Group ID: V-230943
Group Title: SRG-APP-000515-NDM-000325
Version: FORE-NM-000150
Rule ID: SV-230943r1111869_rule
Date: 2025-06-12
STIG Version: 2
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
ℹ️ Check
Verify the syslog.
1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click the IP address of the site's centralized syslog server.
4. Verify Identity, Facility, and Severity, as required by the SSP, are configured.
If the site's syslog server is not configured, this is a finding.
✔️ Fix
Configure the syslog.
1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click "Add".
4. Enter the IP address of the site's centralized syslog.
5. Configure Identity, Facility, and Severity as required by the SSP.
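To confirm on the centralized syslog server that events arrive with the Identity, Facility, and Severity the SSP requires, the following added example (not part of the STIG or of Forescout's tooling) decodes received messages and reports deviations. It assumes the server stores the raw BSD-style frame including the PRI field; the host address, identity tag, expected values and sample lines are all constructed.

```python
import re

# Syslog facility and severity names indexed by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed BSD-style frame: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
FRAME = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)(?:\[\d+\])?: ")

def decode(line):
    """Split one received message into host, identity tag, facility and severity."""
    m = FRAME.match(line)
    if not m or int(m.group(1)) > 191:   # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    pri = int(m.group(1))
    return {"host": m.group(2), "identity": m.group(3),
            "facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7]}

def audit(lines, expected):
    """Return (line_number, reason) for every message that deviates from the expected values."""
    findings = []
    for number, line in enumerate(lines, 1):
        record = decode(line)
        if record is None:
            findings.append((number, "unparseable"))
            continue
        for field, want in expected.items():
            if record[field] != want:
                findings.append((number, f"{field}={record[field]} expected {want}"))
    return findings

# Constructed values standing in for what the site's SSP specifies.
EXPECTED = {"host": "192.0.2.10", "identity": "forescout-audit",
            "facility": "local5", "severity": "info"}

# Constructed sample of lines as stored by the central syslog server.
SAMPLE = [
    "<174>Jun 12 10:15:02 192.0.2.10 forescout-audit[2211]: User admin logged in",
    "<14>Jun 12 10:15:09 192.0.2.10 forescout-audit[2211]: Policy updated",
    "<174>Jun 12 10:15:30 192.0.2.10 sshd[901]: Accepted publickey for operator",
    "Jun 12 10:16:00 message with no PRI field",
]

if __name__ == "__main__":
    for number, reason in audit(SAMPLE, EXPECTED):
        print(f"line {number}: {reason}")
```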