OVAL

MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning

ID: oval:gov.nist.usgcb.windowsseven:def:139
Date: (C)2012-04-13   (M)2023-07-04
Class: COMPLIANCE
Family: windows




The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" in the SCE. This setting can generate a security audit in the Security event log when the log reaches a user-defined threshold.

Note: If log settings are configured to Overwrite events as needed or Overwrite events older than x days, this event will not be generated.

Windows Server 2003 generates a security audit in the Security log when it reaches a user-defined threshold. For example, if this value is set to 90, an event ID 523 will be entered in the log when the Security log reaches 90 percent of capacity. In this example the log entry would contain the following text: "The security event log is 90 percent full." This setting will have no effect if the Security log is configured to overwrite events as needed.

Vulnerability: If the Security log reaches 90 percent of its capacity and the computer has not been configured to overwrite events as needed, more recent events will not be written to the log. If the log reaches its capacity and the computer has been configured to shut down when it can no longer record events to the Security log, the computer will be shut down and will no longer be available to provide network services.

Countermeasure: Configure the WarningLevel to a value of 90.

Potential impact: This setting will generate an audit event when the Security log reaches the 90 percent-full threshold unless the log is configured to overwrite events as needed.

Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security!WarningLevel
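A read-only audit of this setting, as an added example that is not part of the original OVAL definition: it checks WarningLevel against the countermeasure value of 90 and flags the overwrite modes under which, per the note above, the warning is never generated. The Retention value name and its encoding, and the function name Test-WarningLevel, are assumptions not taken from the page.

```powershell
# Added example: audits the WarningLevel setting described above.
# Assumption (not stated on the page): the overwrite mode is stored in the
# Retention DWORD under the same key: 0 = overwrite as needed,
# 0xFFFFFFFF = do not overwrite, any other value = maximum event age in seconds.
$KeyPath        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security'
$Expected       = 90                  # countermeasure value from the page
$NeverOverwrite = [long]4294967295    # 0xFFFFFFFF as an unsigned value

function Test-WarningLevel {
    param($WarningLevel, $Retention)

    $findings = @()
    if ($null -eq $WarningLevel) {
        $findings += 'WarningLevel is not set; no threshold warning is configured.'
    } elseif ([long]$WarningLevel -ne $Expected) {
        $findings += "WarningLevel is $WarningLevel, expected $Expected."
    }

    if ($null -eq $Retention) {
        $findings += 'Retention not found; overwrite mode could not be determined.'
    } else {
        # A DWORD can read back signed or unsigned; normalise to unsigned.
        $r = [long]$Retention
        if ($r -lt 0) { $r += 4294967296 }
        if ($r -eq 0) {
            $findings += 'Log overwrites events as needed; the warning is not generated.'
        } elseif ($r -ne $NeverOverwrite) {
            $findings += "Log overwrites events older than $r seconds; the warning is not generated."
        }
    }

    [pscustomobject]@{
        WarningLevel = $WarningLevel
        Retention    = $Retention
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Constructed sample inputs: exercise the logic without touching the registry.
Test-WarningLevel -WarningLevel 90 -Retention 4294967295     # non-overwriting log
Test-WarningLevel -WarningLevel 90 -Retention 0              # overwrite as needed
Test-WarningLevel -WarningLevel $null -Retention 4294967295  # value missing

# Live check on a Windows host (reads the key only, changes nothing).
if (Test-Path $KeyPath) {
    $props = Get-ItemProperty -Path $KeyPath
    Test-WarningLevel -WarningLevel $props.WarningLevel -Retention $props.Retention
}
```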

Platform:
Microsoft Windows 7
Reference:
CCE-9501-8
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9501-8
XCCDF    10
xccdf_nist_benchmark_Windows_7
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
...

© SecPod Technologies