Details

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Off-loading is a common process in information systems with limited audit storage capacity.

This does not apply to audit logs generated on behalf of the device itself (management).

Solution

Configure audit log off-loading.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Configure the ‘Upload Client’ and ‘Upload Schedule’ capabilities. (All client types use TCP for communication to the site’s event server.)

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SYM_ProxySG_Y20M04_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system BlueCoat.

References

• 800-53|AU-4(1)
• CAT|II
• CCI|CCI-001851
• Rule-ID|SV-104211r1_rule
• STIG-ID|SYMP-AG-000210
• Vuln-ID|V-94257

Source

• Tenable.com/audits