Exchange Audit record parameters must be set.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-228359	SRG-APP-000089	EX16-MB-000060	SV-228359r879559_rule	2023-12-18	2

Description
Log files help establish a history of activities and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting: Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.

Description

Log files help establish a history of activities and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting: Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.

ℹ️ Check
Open the Exchange Management Shell and enter the following command: Get-AdminAuditLogConfig \| Select AdminAuditLogParameters Note: The value of "" indicates all parameters are being audited. If the value of "AdminAuditLogParameters" is not set to "", this is a finding.

✔️ Fix
Open the Exchange Management Shell and enter the following command: Set-AdminAuditLogConfig -AdminAuditLogParameters *