Details
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).
Solution
Go to Device >> Log Settings >> Alarms
Select the ‘Edit’ icon (the gear symbol in the upper-right corner of the pane).
In the ‘Alarm Settings’ window, select the ‘Enable Alarms’ box.
Select ‘OK’.
Commit changes by selecting ‘Commit’ in the upper-right corner of the screen.
Select ‘OK’ when the confirmation dialog appears.
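One way to confirm the outcome of these steps offline against an exported configuration file, as an added example that is not part of the original control text or any vendor tooling. The element path `deviceconfig/setting/management/common-criteria-alarm-generation/enable-alarm-generation` is an assumption about where the ‘Enable Alarms’ box is stored and should be confirmed against your own export; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed location of the alarm switch, relative to each <entry> under
# <devices>; confirm against your own exported configuration.
ALARM_BLOCK = "deviceconfig/setting/management/common-criteria-alarm-generation"
ENABLE_TAG = "enable-alarm-generation"

# Constructed sample exports, not taken from a real device.
ENABLED = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><setting><management><common-criteria-alarm-generation>
<enable-alarm-generation>yes</enable-alarm-generation>
</common-criteria-alarm-generation></management></setting></deviceconfig>
</entry></devices></config>"""
DISABLED = ENABLED.replace(">yes<", ">no<")
MISSING = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><setting><management/></setting></deviceconfig>
</entry></devices></config>"""


def check_alarms(xml_text):
    """Return one (device, status, detail) tuple per device entry."""
    results = []
    for entry in ET.fromstring(xml_text).findall("./devices/entry"):
        name = entry.get("name", "<unnamed>")
        block = entry.find(ALARM_BLOCK)
        flag = block.find(ENABLE_TAG) if block is not None else None
        if block is None:
            results.append((name, "FAIL", "alarm settings block is absent"))
        elif flag is None:
            results.append((name, "FAIL", "block present, enable flag not set"))
        elif (flag.text or "").strip().lower() == "yes":
            results.append((name, "PASS", "alarms enabled"))
        else:
            results.append((name, "FAIL", f"enable flag is {flag.text!r}"))
    return results


def is_compliant(xml_text):
    """True only if at least one device entry exists and every entry passes."""
    results = check_alarms(xml_text)
    return bool(results) and all(status == "PASS" for _, status, _ in results)


if __name__ == "__main__":
    for label, sample in (("enabled", ENABLED), ("disabled", DISABLED), ("missing", MISSING)):
        for device, status, detail in check_alarms(sample):
            print(f"{label:9} {device}: {status} ({detail})")
```

An export with no device entries, or with the alarm block absent, is reported as non-compliant because the setting was never explicitly enabled.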
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Palo_Alto.
References
- 800-53|AU-5(2)
- CAT|III
- CCI|CCI-001858
- Group-ID|V-62751
- Rule-ID|SV-77241r1_rule
- STIG-ID|PANW-NM-000097
- Vuln-ID|V-62751