Detections
Analytics

CCI|CCI-001855

Title

The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Server 2008 MS STIG v6r46
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows 7 STIG v1r32
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Server 2008 R2 DC STIG v1r34
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Vista STIG v6r41
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Server 2008 DC STIG v6r47
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Server 2008 R2 MS STIG v1r33
4.1.2.4 Ensure system notification is sent out when volume is 75% full - SA and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AOSX-09-000305 - System must provide an immediate warning to the SA and ISSO when allocated audit record storage volume reaches 75%.UnixDISA STIG Apple Mac OSX 10.9 v1r2
AOSX-10-000305 - System must provide an immediate warning to the SA and ISSO when allocated audit record storage volume reaches 75%.UnixDISA STIG Apple Mac OSX 10.10 v1r5
AOSX-11-000305 - The system must provide an immediate real-time alert of all audit failure events requiring real-time alerts.UnixDISA STIG Apple Mac OSX 10.11 v1r6
APPL-14-001030 - The macOS system must configure audit capacity warning.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r3
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r3 Middleware
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r7
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximumWindowsDISA STIG IBM DB2 v10.5 LUW v1r3 OS Windows
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximumUnixDISA STIG IBM DB2 v10.5 LUW v1r3 OS Linux
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsDISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v1r1
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v1r1
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
EPAS-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v1r1
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management 11.x STIG v2r2
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management 11.x STIG v1r7
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management STIG v2r3
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 SPARC v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 X86 v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 X86 v2r2
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 SPARC v2r2