Generating email alerts
Rule Title: RiOS must generate an email alert for all log in failure events requiring alerts.
STIG ID: RICX-DM-000053
Rule ID: SV-77391r1_rule Severity: CAT II
Vuln ID: V-62901 Class: Unclass
The appropriate personnel must be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel might be unaware of an impending failure of the audit capability and system operation might be adversely affected.
Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (that is, the time from event detection to alert occurs in seconds or less).
Verifying the system is generating email alerts
Verify that RiOS is configured to generate an immediate real-time alert for all audit failure events requiring real-time alerts.
To verify the system is generating email alerts
1. Connect to the Management Console.
2. Choose Administration > System Settings: Email to display the Email page.
3. Verify that an SMTP Server is defined.
4. Verify that an SMTP Port is defined.
5. Verify that the Report Events via Email and the Report Failures via Email check boxes are selected and that at least one email address is defined for each. If no email accounts are defined, this is a security vulnerability finding.
Configuring the system is generating email alerts
Configure RiOS to generate an immediate real-time alert for all audit failure events requiring real-time alerts.
To configure the system to generate email alerts
1. Connect to the Management Console.
2. Choose Administration > System Settings: Email to display the Email page.
3. Type an SMTP Server name and port number.
4. Select the Report Events via Email and the Report Failures via Email check boxes and specify least one email address for each.
5. Click Apply.