This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Netwitness 11.3 STIG hardening

XuanangLi
Beginner
Beginner

‎2019-06-05 10:26 PM

Hi,

 

i want to apply STIG to my Netwitness 11.3. And i found that there is no guide line.

0 Likes
11 REPLIES 11

JamesMoon
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2019-06-06 01:55 AM

Hi Xuanang,

 

Please refer to "DISA STIG" section in 11.3 System Maintenance Guide.

11.3.0.0 supports all Audit Rules in the DISA STIG Control Group as you can confirm from /etc/audit/rules.d/nw-stig.rules.

 

STIG will be supported from 11.3.1.0 which is expected to be released in July, 2019.

The 11.3 System Maintenance Guide has been updated to remove the reference to STIG as it was incorrectly added.

 

The documentation for 11.3.1.0 will list the Exceptions (False positives, future release, etc.) in addition to the OpenSCAP report instructions and the manage_stig_controls script instructions that help you evaluate and address security issues.

 

As per the guide, "RSA will expand its support of STIG rules in future NetWitness Platform versions".

 

Thanks.

0 Likes

XuanangLi
Beginner
Beginner
In response to JamesMoon

‎2019-06-06 02:50 AM

Hi James,

 

Thanks.

So how should i apply STIG to my Netwitness 11.3?  Which file should i run?

0 Likes

XuanangLi
Beginner
Beginner
In response to JamesMoon

‎2019-06-06 09:17 PM

Hi James,

 

Is it out-of-box support?

 

Thanks ! 

 

 

Best Regards,

Xuanang

0 Likes

JamesMoon
Frequent Contributor Frequent Contributor
Frequent Contributor
In response to XuanangLi

‎2019-06-06 10:04 PM

Hi Xuanang,

 

Yes, /etc/audit/rules.d/nw-stig.rules should contain the required Audit Rules out-of-box.

 

I am currently working with the Documentation team to confirm the required steps to install OpenSCAP on 11.3.0.0 as it is mentioned in the guide but appears to be missing from the 11.3 ISO.

I will provide further update once more detail becomes available.

Thanks.

XuanangLi
Beginner
Beginner
In response to JamesMoon

‎2019-06-06 10:07 PM

Hi James,

 

Thanks very much ! 

0 Likes

JamesMoon
Frequent Contributor Frequent Contributor
Frequent Contributor
In response to XuanangLi

‎2019-06-18 07:05 PM

Hi Xuanang,

 

After verifying with the Documentation team, it has been confirmed that STIG will be supported from 11.3.1.0 which is expected to be released in July, 2019.

The 11.3 System Maintenance Guide has been updated to remove the reference to STIG as it was incorrectly added.

 

I have updated my original response as well. I am sorry for the confusion.

 

Thanks.

0 Likes

XuanangLi
Beginner
Beginner
In response to JamesMoon

‎2019-06-18 11:04 PM

Hi James,

 

That will be great! Thanks!

By the way, can you ask the Documentation team to create an KB(knowledge base) also?  It could help me get a better understanding of STIG hardening. Thanks.

0 Likes

JamesMoon
Frequent Contributor Frequent Contributor
Frequent Contributor
In response to XuanangLi

‎2019-06-18 11:49 PM

Xuanang,

 

I expect the 11.3.1.0 System Maintenance Guide to provide the detailed instruction to follow but if anything is lacking, I will create a KB on that and post the link in this thread.

 

Thanks.

0 Likes

XuanangLi
Beginner
Beginner
In response to JamesMoon

‎2019-06-18 11:53 PM

Hi James,

 

Sure. That is great! Thank you very much!

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.