EX13-CA-000050 – Exchange must have Audit record parameters set.

Details

Log files help establish a history of activities, and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately research events that are logged.

Audit records should include the following fields to supply useful event accounting:

Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.

Solution

Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogParameters *

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2013_Y21M01_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.

References

800-53|AU-12a.
CAT|III
CCI|CCI-000169
Rule-ID|SV-84355r1_rule
STIG-ID|EX13-CA-000050
Vuln-ID|V-69733

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles