
CCE-15119-1

Platform: cpe:/o:microsoft:windows_10
Date: (C)2022-11-15   (M)2023-07-04



Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Sensitive Privilege Use records events related to use of sensitive privileges, such as "Act as part of the operating system" or "Debug programs".

Fix: Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Privilege Use >> "Audit Sensitive Privilege Use" with "Failure" selected.


Parameter:

[audit_none/audit_success/audit_failure/audit_success_failure]


Technical Mechanism:

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Privilege Use >> "Audit Sensitive Privilege Use" with "Failure" selected.

CCSS Severity:
CCSS Score: 7.0
Exploit Score: 1.0
Impact Score: 5.9
Severity: HIGH
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
  

References:
Resource Id    Reference
SCAP Repo OVAL Definition    oval:org.secpod.oval:def:85532


OVAL    1
oval:org.secpod.oval:def:85532
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_10

© SecPod Technologies