800-53|SI-4(12)

Title

AUTOMATED ALERTS

Description

The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications: [Assignment: organization-defined activities that trigger alerts].

Supplemental

This control enhancement focuses on the security alerts generated by organizations and transmitted using automated means. In contrast to the alerts generated by information systems in SI-4(5), which tend to focus on information sources internal to the systems (e.g., audit records), the sources of information for this enhancement can include other entities as well (e.g., suspicious activity reports, reports on potential insider threats).

Reference Item Details

Related: AC-18, IA-3

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

Name | Plugin | Audit Name
5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled' | Windows | CIS IE 10 v1.1.0
5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled' | Windows | CIS IE 11 v1.0.0
8.1.15 Set 'Launching programs and unsafe files' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.15 Set 'Launching programs and unsafe files' to 'Enabled:Disable' | Windows | CIS IE 11 v1.0.0
8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt' | Windows | CIS IE 11 v1.0.0
8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt' | Windows | CIS IE 10 v1.1.0
DTBI015 - The IE warning about certificate address mismatch must be enforced. | Windows | DISA STIG Microsoft Internet Explorer 9 v1r15
DTBI820 - Launching programs and unsafe files property must be set to prompt (Internet zone). | Windows | DISA STIG Microsoft Internet Explorer 9 v1r15
DTBI870 - Launching programs and unsafe files property must be set to prompt (Restricted Site zone). | Windows | DISA STIG Microsoft Internet Explorer 9 v1r15
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - alertd | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - arcsight | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - ipfix | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - local-database | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - local-syslog | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - remote-high-speed-log | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - remote-syslog | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B - splunk | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1
FireEye - System events are emailed to administrators | FireEye | TNS FireEye
PANW-NM-000131 - The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B. | Palo_Alto | DISA STIG Palo Alto NDM v2r1
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v1909 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 v21H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 v20H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 1903 DC v1.19.9
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 2019 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 1809 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v1909 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v2004 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 v21H1 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 1903 v1.19.9
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 1803 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 v2004 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 1909 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v20H2 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 2019 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v20H2 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 10 v1507 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 2022 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 1903 MS v1.19.9
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 2016 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT MSCT Windows Server 2022 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows 11 v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server 2016 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone | Windows | MSCT Windows Server v2004 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows Server v1909 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows Server 2016 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows 10 v21H1 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows 10 v2004 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows 10 1903 v1.19.9
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows Server 2019 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone | Windows | MSCT Windows 11 v1.0.0