[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning

ID: oval:gov.nist.usgcb.windowsseven:def:139Date: (C)2012-04-13   (M)2017-10-21
Class: COMPLIANCEFamily: windows




The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE. This setting can generate a security audit in the Security event log when the log reaches a user-defined threshold. Note: If log settings are configured to Overwrite events as needed or Overwrite events older than x days, this event will not be generated. Windows Server 2003 generates a security audit in the Security log when it reaches a user-defined threshold. For example, if this value is set to 90, an event ID 523 will be entered in the log when the Security log reaches 90 percent of capacity. In this example the log entry would contain the following text: "The security event log is 90 percent full." This setting will have no effect if the Security log is configured to overwrite events as needed Vulnerability: If the Security log reaches 90 percent of its capacity and the computer has not been configured to overwrite events as needed, more recent events will not be written to the log. If the log reaches its capacity and the computer has been configured to shut down when it can no longer record events to the Security log, the computer will be shut down and will no longer be available to provide network services. Countermeasure: Configure the WarningLevel to a value of 90. Potential impact: This setting will generate an audit event when the Security log reaches the 90 percent-full threshold unless the log is configured to overwrite events as needed. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security!WarningLevel

Platform:
Microsoft Windows 7
Reference:
CCE-9501-8
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9501-8
XCCDF    9
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_7
xccdf_hippa_benchmark_Windows_7
xccdf_org.secpod_benchmark_ISO27001_Windows_7
xccdf_gov.nist_benchmark_USGCB-Windows-7
...

© 2013 SecPod Technologies