PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

Information

If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion. This could lead to the loss of audit information. Note that while the network device must generate the alert, notification may be done by a management server.

Solution

Go to Device >> Log Settings >> Alarms
Select the 'Edit' icon (the gear symbol in the upper-right corner of the pane).

In the 'Alarm Settings' window:
Select the 'Enable Alarms' box.
In the 'Traffic Log DB' field, enter '75'.
In the 'Threat Log DB' field, enter '75'.
In the 'Configuration Log DB' field, enter '75'.
In the 'System Log DB' field, enter '75'.
In the 'Alarm DB' field, enter '75'.
In the 'HIP Match Log DB' field, enter '75'.
Select 'OK'.
Commit changes by selecting 'Commit' in the upper-right corner of the screen. Select 'OK' when the confirmation dialog appears.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PAN_Y22M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

References: 800-53|AU-5(1), 800-53|CM-6b., CAT|III, CCI|CCI-000366, CCI|CCI-001855, Rule-ID|SV-228661r513588_rule, STIG-ID|PANW-NM-000096, STIG-Legacy|SV-77239, STIG-Legacy|V-62749, Vuln-ID|V-228661

Plugin: Palo_Alto

Control ID: 66b6a3abcb9a571c3bcb956aaa7be30383629d46062ec211f75e2da85c5b27b5