CCI|CCI-001855

Title

Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.

Reference Item Details

Category: 2024

Audit Items

Name | Plugin | Audit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | Windows | DISA Windows Vista STIG v6r41
4.1.2.4 Ensure system notification is sent out when volume is 75% full - SA and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
ALMA-09-053260 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053370 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053480 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053590 - AlmaLinux OS 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent usage. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2
APPL-14-001030 The macOS system must configure audit capacity warning. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001030 - The macOS system must configure audit capacity warning. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r3
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
Big Sur - Configure Audit Capacity Warning | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Capacity Warning | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Capacity Warning | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure Audit Capacity Warning | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Capacity Warning | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Capacity Warning | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
CD12-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | Unix | DISA STIG Crunchy Data PostgreSQL OS v3r1
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | Windows | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v2r1
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | F5 | DISA F5 BIG-IP Device Management STIG v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account' | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action' | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | Unix | DISA STIG Solaris 10 X86 v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | Unix | DISA STIG Solaris 10 X86 v2r4
MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | MySQLDB | DISA MariaDB Enterprise 10.x v2r3 DB
MD3X-00-000630 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | Unix | DISA MongoDB Enterprise Advanced 7.x STIG v1r1
Monterey - Configure Audit Capacity Warning | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Audit Capacity Warning | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Audit Capacity Warning | Unix | NIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-009800 - The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | MySQLDB | DISA Oracle MySQL 8.0 v2r2 DB
O19C-00-005900 - The Oracle Database, or the logging or alerting mechanism the application uses, must provide a warning when allocated audit record storage volume record storage volume reaches 75 percent of maximum audit record storage capacity. | OracleDB | DISA Oracle Database 19c STIG v1r1 Database
O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | OracleDB | DISA STIG Oracle 11.2g v2r5 Database
O121-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | OracleDB | DISA STIG Oracle 12c v3r2 Database
OL6-00-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity. | Unix | DISA STIG Oracle Linux 6 v2r7
OL6-00-000311 - The audit system must provide a warning when allocated audit record storage volume reaches a documented percentage of maximum audit record storage capacity. | Unix | DISA STIG Oracle Linux 6 v2r7
OL08-00-030730 - OL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | Unix | DISA Oracle Linux 8 STIG v2r4
OL08-00-030731 - OL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization. | Unix | DISA Oracle Linux 8 STIG v2r4
PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | Palo_Alto | DISA STIG Palo Alto NDM v3r2
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - alert | Unix | DISA STIG PostgreSQL 9.x on RHEL OS v2r5
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity | Unix | DISA STIG PostgreSQL 9.x on RHEL OS v2r5
PHTN-30-000057 - The Photon operating system must configure auditd to log space limit problems to syslog. | Unix | DISA STIG VMware vSphere 7.0 Photon OS v1r4