Detections
Analytics
WN12-SO-000049 - The system must generate an audit event when the audit log reaches a percentage of full threshold.
Information
When the audit log reaches a given percent full, an audit event is written to the security log. It is recorded as a successful audit event under the category of System. This option may be especially useful if the audit logs are set to be cleared manually.Solution
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90' or less.(See 'Updating the Windows Security Options File' in the STIG Overview document if MSS settings are not visible in the system's policy tools.)
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R7_STIG.zip
Item Details
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-5(1), 800-53|AU-5(2), 800-53|AU-5a., CAT|III, CCI|CCI-000139, CCI|CCI-001855, CCI|CCI-001858, Rule-ID|SV-225490r852259_rule, STIG-ID|WN12-SO-000049, STIG-Legacy|SV-52923, STIG-Legacy|V-4108, Vuln-ID|V-225490
Plugin: Windows
Control ID: 37556b0d9524ebc95c30e2549142aa301dd6517079af01a42de44bd0fb6ed9b8