Vulnerability Discussion
Automation Controller's web server must log all details related to user sessions in support of troubleshooting, debugging, and forensic analysis.
Without a data logging feature, the organization loses an important auditing and analysis tool for event investigations.
Satisfies: SRG-APP-000016-WSR-000005, SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000098-WSR-000060, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064
Check
For each Automation Controller host, determine whether the web server is logging all content related to user sessions.
Log in to Automation Controller as an administrator and navigate to console Settings >> System >> Miscellaneous System.
Verify the following settings:
Enable Activity Stream = On
Enable Activity Stream for Inventory Sync = On
Organization Admins Can Manage Users and Teams = On
All Users Visible to Organization Admins = On
If the configuration settings are not as above, this is a finding.
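The check above can be run across several hosts from saved settings output. The following is an added example, not part of the original guidance or the product's own tooling. It assumes each host's JSON was retrieved from the controller's system settings API endpoint (/api/v2/settings/system/), and the mapping from the four UI labels to API key names is an assumption to verify against the controller version in use. The hostnames and sample responses are constructed.

```python
import json

# Assumed mapping: API setting key -> UI label used in the check text.
REQUIRED = {
    "ACTIVITY_STREAM_ENABLED": "Enable Activity Stream",
    "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": "Enable Activity Stream for Inventory Sync",
    "MANAGE_ORGANIZATION_AUTH": "Organization Admins Can Manage Users and Teams",
    "ORG_ADMINS_CAN_SEE_ALL_USERS": "All Users Visible to Organization Admins",
}

def audit_settings(settings):
    """Return (label, observed) for every required setting that is not On."""
    findings = []
    for key, label in REQUIRED.items():
        if key not in settings:
            findings.append((label, "missing"))      # absent key is a finding
        elif settings[key] is not True:              # fail closed on "true", 1, None
            findings.append((label, repr(settings[key])))
    return findings

def audit_hosts(responses):
    """responses: {hostname: JSON text}. Returns {hostname: findings} for failing hosts."""
    report = {}
    for host, body in responses.items():
        try:
            settings = json.loads(body)
        except json.JSONDecodeError:
            settings = None
        if not isinstance(settings, dict):
            report[host] = [("settings response", "unparseable")]
            continue
        findings = audit_settings(settings)
        if findings:
            report[host] = findings
    return report

# Constructed sample input: one compliant host, one with two deviations.
SAMPLE = {
    "controller-a.example": json.dumps({key: True for key in REQUIRED}),
    "controller-b.example": json.dumps({
        "ACTIVITY_STREAM_ENABLED": True,
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": False,
        "MANAGE_ORGANIZATION_AUTH": True,
    }),
}

if __name__ == "__main__":
    for host, findings in audit_hosts(SAMPLE).items():
        for label, observed in findings:
            print(f"FINDING {host}: {label} = {observed} (expected On)")
```

Any host that appears in the report is a finding under this check. A host whose response cannot be parsed is reported rather than skipped.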
Fix
As a System Administrator, for each Automation Controller host, navigate to console Settings >> System >> Miscellaneous System.
Click "Edit".
Set the following:
Enable Activity Stream = On
Enable Activity Stream for Inventory Sync = On
Organization Admins Can Manage Users and Teams = On
All Users Visible to Organization Admins = On
Click "Save".