CUI

Documentation - V-228672

V-228672

Palo Alto Networks NDM Security Technical Implementation Guide

CAT II

Title

The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B.

Description

CJCSM 6510.01B, "Cyber Incident Handling Program", in subsection e.(6)(c) sets forth three requirements for cyber events detected by an automated system: If the cyber event is detected by an automated system, an alert will be sent to the POC designated for receiving such automated alerts. CC/S/A/FAs that maintain automated detection systems and sensors must ensure that a POC for receiving the alerts has been defined and that the IS is configured to send alerts to that POC. The POC m...

Fix Text (Documentation Requirement)

For SNMP traps, follow these steps:

Configure the SNMP Trap Destinations; go to Device >> Server Profiles >> SNMP Trap.
Select "Add".
In the "SNMP Trap Server Profile" window, enter the required information.
For SNMP Version, select "V3".
Enter the name of the SNMP Server Profile.
Select "Add".
Server: Specify the SNMP trap destination name (up to 31 characters).
Manager: Specify the IP address of the trap destination.
User: Specify the SNMP user.
EngineID: Specify the engine ID of the firewall. The input is a string in hexadecimal representation. The engine ID is any number between 5 and 64 bytes. When represented as a hexadecimal string, this is between 10 and 128 characters (2 characters for each byte) with two additional characters for 0x that must be used as a prefix in the inpu...
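
A pre-check for the trap destination values listed above, as an added example that is not part of the STIG or of any Palo Alto Networks tooling. The dict layout, function names and sample rows are assumptions; the limits are the ones the Fix Text states.

```python
import ipaddress
import re

# Limits taken from the Fix Text above.
MAX_SERVER_NAME = 31  # trap destination name, in characters
ENGINE_ID_MIN_BYTES, ENGINE_ID_MAX_BYTES = 5, 64
_HEX = re.compile(r"[0-9A-Fa-f]+")


def engine_id_errors(value):
    """Return a list of problems with an EngineID string (empty if valid)."""
    if not value.startswith("0x"):
        return ["missing 0x prefix"]
    digits = value[2:]
    errors = []
    if not _HEX.fullmatch(digits):
        errors.append("non-hexadecimal characters after 0x")
    if len(digits) % 2:
        errors.append("odd number of hex characters (2 per byte required)")
    n_bytes = len(digits) // 2
    if not ENGINE_ID_MIN_BYTES <= n_bytes <= ENGINE_ID_MAX_BYTES:
        errors.append(f"{n_bytes} bytes, expected 5 to 64")
    return errors


def check_trap_destination(dest):
    """Validate one planned destination (hypothetical dict layout)."""
    errors = []
    if not 1 <= len(dest["server"]) <= MAX_SERVER_NAME:
        errors.append("server name must be 1 to 31 characters")
    try:
        ipaddress.ip_address(dest["manager"])
    except ValueError:
        errors.append("manager is not a valid IP address")
    if not dest["user"]:
        errors.append("SNMP user is empty")
    errors += [f"engine ID: {e}" for e in engine_id_errors(dest["engine_id"])]
    return errors


# Constructed sample rows; 192.0.2.0/24 is a documentation address range.
SAMPLES = [
    {"server": "soc-trap-1", "manager": "192.0.2.10", "user": "stig-trap", "engine_id": "0x80001f8804a1b2c3d4"},
    {"server": "soc-trap-2", "manager": "192.0.2.300", "user": "stig-trap", "engine_id": "80001f88"},
]

if __name__ == "__main__":
    for row in SAMPLES:
        print(row["server"], check_trap_destination(row) or "ok")
```

Running the check over the planned destinations before entering them in the profile catches a malformed engine ID or an unreachable manager address, either of which would leave the alert POC without traps.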
