Prisma Cloud Compute must be configured to send events to the hosts' syslog.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-253530	SRG-APP-000111-CTR-000220	CNTR-PC-000310	SV-253530r960918_rule	2024-12-06	2

Description
Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must be properly collected and secured. Prisma Cloud Compute can be configured to send audit events to the host node's syslog in RFC5424-compliant format. Satisfies: SRG-APP-000111-CTR-000220, SRG-APP-000181-CTR-000485, SRG-APP-000358-CTR-000805, SRG-APP-000474-CTR-001180, SRG-APP-000516-CTR-000790

Description

Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must be properly collected and secured. Prisma Cloud Compute can be configured to send audit events to the host node's syslog in RFC5424-compliant format. Satisfies: SRG-APP-000111-CTR-000220, SRG-APP-000181-CTR-000485, SRG-APP-000358-CTR-000805, SRG-APP-000474-CTR-001180, SRG-APP-000516-CTR-000790

ℹ️ Check
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab. If the Syslog setting is "disabled", this is a finding. Select the "Manage" tab. If no Alert Providers are configured, this is a finding.

✔️ Fix
Navigate to Prisma Cloud Compute Console's >> Manage >> Alerts >> Logging tab. Set Syslog to "enabled". Select the "Manage" tab. Click "Add profile". Complete the form based on the organization. At a minimum, the following Alert triggers must be selected: - Host vulnerabilities. - Image vulnerabilities. Click "Save".