7.4 Ensure that logging is enabled on built-in default security policies

Information

Enable logging on the built-in default security policies 'intrazone-default' and 'interzone-default'.

Rationale:

By default, these built-in security policies do not have logging enabled. Enabling it lets the SOC or a security analyst investigate security incidents further, especially during threat hunting or incident response activities.

Solution

Navigate to Policies > Security.
Go to the default policies intrazone-default and interzone-default. On the Actions tab, under Log Setting, enable Log at Session End.
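
An offline check for this control, as an added example that is not part of the benchmark or the plugin: it reads an exported firewall configuration XML and reports whether each built-in default rule has `log-end` set to `yes`. The XML layout (`rulebase/default-security-rules/rules/entry/log-end`), the sample config and the function names are assumptions; a rule with no override present is treated as the default, disabled.

```python
import xml.etree.ElementTree as ET

DEFAULT_RULES = ("intrazone-default", "interzone-default")

# Constructed sample, not a real export. Assumed layout: overrides of the
# built-in rules live under rulebase/default-security-rules/rules/entry.
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <rulebase><default-security-rules><rules>
    <entry name="intrazone-default">
      <action>allow</action>
      <log-end>yes</log-end>
    </entry>
    <entry name="interzone-default">
      <action>deny</action>
      <log-start>yes</log-start>
    </entry>
  </rules></default-security-rules></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit_default_rule_logging(config_xml):
    """Return {(scope, rule): True/False} for each rulebase in the config."""
    root = ET.fromstring(config_xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    results = {}
    for rulebase in root.iter("rulebase"):
        owner = parents.get(rulebase)
        scope = owner.get("name", owner.tag) if owner is not None else "config"
        for rule in DEFAULT_RULES:
            path = f"default-security-rules/rules/entry[@name='{rule}']/log-end"
            node = rulebase.find(path)
            # No override element means the default applies: logging disabled.
            results[(scope, rule)] = node is not None and (node.text or "").strip() == "yes"
    if not results:  # no rulebase at all: nothing overrides the default
        results = {("config", rule): False for rule in DEFAULT_RULES}
    return results

def failing_rules(config_xml):
    """Sorted list of (scope, rule) pairs that fail the check."""
    return sorted(k for k, ok in audit_default_rule_logging(config_xml).items() if not ok)

if __name__ == "__main__":
    for (scope, rule), ok in sorted(audit_default_rule_logging(SAMPLE_CONFIG).items()):
        print(f"{scope:8} {rule:18} {'PASS' if ok else 'FAIL'}")
```

In the sample, interzone-default fails because only `log-start` is set, which does not satisfy Log at Session End.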

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/13792

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, 800-53|SI-4(4), CSCv7|6.3

Plugin: Palo_Alto

Control ID: 3ff212a1808db82fa09af90b3eeac2b042d95f22a605108d292087d270bdab5b