CCE

CCE-15117-5

Platform: cpe:/o:microsoft:windows_10
Date: (C)2022-11-15   (M)2023-07-04



Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Process creation records events related to the creation of a process and the source.

Fix: Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Detailed Tracking >> "Audit Process Creation" with "Success" selected.


Parameter:

[audit_none/audit_success/audit_failure/audit_success_failure]


Technical Mechanism:

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Detailed Tracking >> "Audit Process Creation" with "Success" selected.

CCSS Severity:

CCSS Score: 4.7
Exploit Score: 1.0
Impact Score: 3.6
Severity: MEDIUM
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CCSS Metrics:

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

References:

Resource Id                  Reference
SCAP Repo OVAL Definition    oval:org.secpod.oval:def:85538


OVAL    1
oval:org.secpod.oval:def:85538
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_10

© SecPod Technologies