Detections
Analytics

1.86 WN10-AU-000505

Information

The Security event log size must be configured to 1024000 KB or greater.

GROUP ID: V-220780RULE ID: SV-220780r958752

Inadequate log size will cause the log to fill up quickly. This may prevent audit events from being recorded properly and require frequent attention by administrative personnel.

Solution

Configure the policy value for

Computer Configuration >> Administrative Templates >> Windows Components >> Event Log Service >> Security >> 'Specify the maximum log file size (KB)'

to 'Enabled' with a 'Maximum Log Size (KB)' of '1024000' or greater.

If the system is configured to send audit records directly to an audit server, documented with the ISSO.

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CCI|CCI-001849, Rule-ID|SV-220780r958752_rule, STIG-ID|WN10-AU-000505, Vuln-ID|V-220780

Plugin: Windows

Control ID: 192ab5a21ca03585fa98e30573b859a6b4dc9774b663a815f2e461aca8cfd496