PCI DSS 3.2 Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs
Applies to Product: USM Appliance™, LevelBlue OSSIM®

| Testing Procedure | How USM Appliance Delivers | USM Appliance Instructions | USM Appliance Documentation |
|---|---|---|---|
| 5.1 For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. | USM Appliance detects the presence of running processes such as anti-virus software. | Enable the plugin for your anti-virus software, and enable forwarding of the syslog events from the anti-virus manager. | |
| | | Run the anti-virus Raw Logs report to verify the anti-virus software is running. | |
| 5.2.b Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are | The Vulnerability Scan in USM Appliance can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | |
| | | Run a Vulnerability Scan using the custom scan profile that was created. | |
| | | Export successful scan results and identify findings to determine if the system is configured correctly. | |
| | | View the anti-virus logs in SIEM Events. | |
| 5.2.c Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that | The Vulnerability Scan in USM Appliance can test configuration to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | |
| | | Run a Vulnerability Scan using the custom scan profile that was created. | |
| | | Export successful scan results and identify findings to determine if the system is configured correctly. | |
| | | View the anti-virus logs in SIEM Events. | |
| 5.2.d Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that | USM Appliance detects the presence of running processes such as anti-virus software. USM Appliance also collects and retains logs sent using AlienVault HIDS, in accordance with requirement 5.2.d. | Run the anti-virus “Raw Logs” report to verify the anti-virus software is running and generating logs. | |
| | | View the anti-virus logs in SIEM Events. | Security Events Views |
| 5.3.a Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify the anti-virus software is actively running. | USM Appliance detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software is actively running. | |
| 5.3.b Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that the anti-virus software cannot be disabled or altered by users. | USM Appliance detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software has not been disabled by users. | |