Dragos Platform must allocate audit record storage retention length.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-271008 | SRG-APP-000357 | DRAG-OT-001430 | SV-271008r1057667_rule | 2024-12-23 | 1 |
| Description |
|---|
| In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of Dragos Platform and is closely associated with the database administrator (DBA) and system administrator (SA) roles. The DBA or SA will usually coordinate the allocation of physical drive space with Dragos Platform owner/installer and Dragos Platform will prompt the installer to provide the capacity information, the physical location of the disk, or both. |
| ℹ️ Check |
|---|
| In the UI, navigate to Admin >> SiteStore Management >> Advanced Settings. Review the System Security Plan (SSP). Verify Deleted Retention Days and Source Data Retention Days is set accordance with organization-defined audit record storage requirements. If not, this is a finding. |
| ✔️ Fix |
|---|
| In the UI, navigate to Admin >> SiteStore Management >> Advanced Settings. Set "Deleted Retention Days" and "Source Data Retention Days" (length in days) in accordance with organization-defined audit record storage requirements. Click "Save & Apply". |