TNS FireEye

Audit Details

Name: TNS FireEye

Updated: 12/22/2023

Authority: TNS

Plugin: FireEye

Revision: 1.28

Estimated Item Count: 69

File Details

Filename: TNS_BestPractice_FireEye.audit

Size: 68.5 kB

MD5: 0be6ced4864ac5fcb0adead2829bac72
SHA256: 0b0b76c19a1ad9c1b8304b0badd22e5b50790fd9e894386c121615759b226a52

Audit Items

Description

Categories
FireEye - A scheduled system backup job is configured

CONTINGENCY PLANNING

FireEye - AAA failed logins are tracked

ACCESS CONTROL

FireEye - AAA is enabled

IDENTIFICATION AND AUTHENTICATION

FireEye - AAA LDAP binding user should not be an admin

ACCESS CONTROL

FireEye - AAA lockout settings apply to the 'admin' user

ACCESS CONTROL

FireEye - AAA lockouts are enabled

ACCESS CONTROL

FireEye - AAA lockouts delay further attempts for at least 30 seconds

ACCESS CONTROL

FireEye - AAA lockouts occur after at most 5 failures
FireEye - AAA tries local authentication first

IDENTIFICATION AND AUTHENTICATION

FireEye - AAA user mapping default

CONFIGURATION MANAGEMENT

FireEye - AAA user mapping source

CONFIGURATION MANAGEMENT

FireEye - Binary analysis AV-suite is enabled

SYSTEM AND INFORMATION INTEGRITY

FireEye - Boot image must be signed

SYSTEM AND INFORMATION INTEGRITY

FireEye - Boot manager password is set

SYSTEM AND INFORMATION INTEGRITY

FireEye - CLI commands do not hide any settings from administrators

CONFIGURATION MANAGEMENT

FireEye - Configuration auditing logs the required number of changes

CONFIGURATION MANAGEMENT

FireEye - Custom SNORT rules are enabled

SYSTEM AND INFORMATION INTEGRITY

FireEye - Email encryption certificates are verified

IDENTIFICATION AND AUTHENTICATION

FireEye - FENet patch updates are applied automatically

SYSTEM AND INFORMATION INTEGRITY

FireEye - FENet security content updates are applied automatically
FireEye - FireEye Web MPS version

CONFIGURATION MANAGEMENT

FireEye - Greylist URL list

AUDIT AND ACCOUNTABILITY

FireEye - Greylists are enabled

CONFIGURATION MANAGEMENT

FireEye - Guest images

CONFIGURATION MANAGEMENT

FireEye - Inline blocking mode configuration

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Inline blocking network whitelists

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Inline blocking signature policy exceptions

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Interface configuration

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - IPMI is enabled

CONFIGURATION MANAGEMENT

FireEye - IPMI password needs to be set
FireEye - IPMI should be connected to a restricted management network
FireEye - LDAP encryption certificates are verified

IDENTIFICATION AND AUTHENTICATION

FireEye - LDAP requires encryption

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - List patches

SYSTEM AND INFORMATION INTEGRITY

FireEye - Local logging level includes all errors and warnings

AUDIT AND ACCOUNTABILITY

FireEye - Local logging level is not overridden except by defaults

AUDIT AND ACCOUNTABILITY

FireEye - Local logging retention configuration

AUDIT AND ACCOUNTABILITY

FireEye - Login banner

ACCESS CONTROL

FireEye - Management interface is only accessible from specific IP ranges

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - NTP client is synchronized

AUDIT AND ACCOUNTABILITY

FireEye - NTP client uses a custom server

AUDIT AND ACCOUNTABILITY

FireEye - NTP is enabled

AUDIT AND ACCOUNTABILITY

FireEye - Remote syslog is enabled

AUDIT AND ACCOUNTABILITY

FireEye - Remote syslog logging level includes all errors and warnings

AUDIT AND ACCOUNTABILITY

FireEye - Reports are run on a schedule

AUDIT AND ACCOUNTABILITY

FireEye - SNMP is enabled
FireEye - SNMP trap hosts that use community override use a secure community string

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP traps use a secure community string

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP uses a secure community string

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP v3 users have passwords

ACCESS CONTROL