Detections
Analytics

CCI|CCI-001855

Title

Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Vista STIG v6r41
4.1.2.4 Ensure system notification is sent out when volume is 75% full - SA and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
ALMA-09-053260 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053370 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053480 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053590 - AlmaLinux OS 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent usage.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
APPL-14-001030 The macOS system must configure audit capacity warning.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001030 - The macOS system must configure audit capacity warning.UnixDISA Apple macOS 15 (Sequoia) STIG v1r3
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
CD12-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management STIG v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 X86 v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 X86 v2r4
MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA MariaDB Enterprise 10.x v2r3 DB
MD3X-00-000630 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA MongoDB Enterprise Advanced 7.x STIG v1r1
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-009800 - The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O121-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.OracleDBDISA STIG Oracle 12c v3r2 Database
OL6-00-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000311 - The audit system must provide a warning when allocated audit record storage volume reaches a documented percentage of maximum audit record storage capacity.UnixDISA STIG Oracle Linux 6 v2r7
OL08-00-030730 - OL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA Oracle Linux 8 STIG v2r4
OL08-00-030731 - OL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.UnixDISA Oracle Linux 8 STIG v2r4
PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Palo_AltoDISA STIG Palo Alto NDM v3r2
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - alertUnixDISA STIG PostgreSQL 9.x on RHEL OS v2r5
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacityUnixDISA STIG PostgreSQL 9.x on RHEL OS v2r5
PHTN-30-000057 - The Photon operating system must configure auditd to log space limit problems to syslog.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r4
PHTN-40-000112 The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1