PANW-NM-000097 - The Palo Alto Networks security platform must have alarms enabled.

Information

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.

Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).

Solution

Go to Device >> Log Settings >> Alarms.
Select the 'Edit' icon (the gear symbol in the upper-right corner of the pane).
In the 'Alarm Settings' window, select the 'Enable Alarms' box.
Select 'OK'.
Commit changes by selecting 'Commit' in the upper-right corner of the screen.
Select 'OK' when the confirmation dialog appears.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PAN_Y24M10_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(2), CAT|III, CCI|CCI-001858, CCI|CCI-003831, Rule-ID|SV-228662r997675_rule, STIG-ID|PANW-NM-000097, STIG-Legacy|SV-77241, STIG-Legacy|V-62751, Vuln-ID|V-228662

Plugin: Palo_Alto

Control ID: 76d825623f4d67ca302f63263dfcc546246a5944608d8875f2e4281ce57ccebf