ATM_ID: B1348260-53A2-11EA-9805-9BD3993DCDB4
MFF:
PLANNEDTIMESTAFF:
ID: WFAST_Accounting/Testcases/FS_50.001.01_Audit_Log_Events/10520
TESTCASE_HEADLINE: Event ID=84
The audit log entry data shall report events contained in table 1 Audit Log - Trellix Security State
Event ID = 84
UserName
Device name
Device serial number
Security Mode (Enhanced Security / Integrity Control)
Completion Status (Enabled / Disabled)
NOTE: Trellix Security State is set to off by default. Setting either of the two Security Modes enables the feature.
GROUP:
FEATURE:
SUB_FEATURE:
INPUT:
Audit Log:
1. Open Access should be enabled in CWIS for Non-Logged in user.
2. Test procedure should be performed through Guest User only
Syslog:
1. Syslog Destination Server details must be configured.
PROCEDURE: Trellix Security State Enabled with Integrity Control mode:
1.) Through WebUI: Enable Trellix Security State with Integrity Control mode. NOTE: Device will reboot after changes to Trellix Security State are made.
2.) Upon reboot save the audit log and view the recorded events.
3.) Validate the audit log has an event for Trellix Security State.
4.) Validate the Trellix Security State event contains the correct event ID; event description and the correct event data.
5.) Validate the Trellix Security State entry data contains the User name; Device Name; Device Serial number; Security Mode (Integrity Control) and Enabled for Completion Status.
The audit log has an event for a Trellix Security State.
The Trellix Security State event contains the correct event ID; event description and the correct event data.
The Trellix Security State entry data contains the User name; Device Name; Device Serial number; Security Mode (Integrity Control) and Enabled for Completion Status.
Syslog Verification using View Events option:
Syslog+CEF format should be displayed as per the Spec (Refer SIEM Integration and Audit Log Events Spec):
(PRI number; Timestamp; Device name; CEF:0; Xerox; Device Model; Device Software Version; Device Audit log Event ID; Audit log Event Description; Severity) along with CEF Key Name Mapping.
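The syslog check above can be scripted. The following is an added example, not part of the original test case or of any Xerox tooling: it parses one Syslog+CEF line in the field order listed above and reports what is wrong with an Event ID 84 entry. The extension key names in `KEYMAP`, the single-token timestamp, and the sample line are assumptions; the real names come from the CEF Key Name Mapping in the spec.

```python
import re

# Layout from the test case: <PRI>Timestamp DeviceName CEF:0|Xerox|Model|SW version|
# Event ID|Event description|Severity|extension. Single-token timestamp is assumed.
LINE_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<timestamp>\S+) (?P<device_name>\S+) (?P<cef>CEF:.*)$")
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces
HEADER = ("version", "vendor", "model", "sw_version", "event_id", "description", "severity")
# ASSUMED key mapping (placeholder for the spec's CEF Key Name Mapping).
KEYMAP = {"user name": "suser", "device name": "dvchost",
          "device serial number": "deviceExternalId",
          "security mode": "cs1", "completion status": "outcome"}

# Constructed sample line, not captured from a device.
SAMPLE = ("<110>2024-01-15T10:22:31Z printer01 CEF:0|Xerox|ExampleModel|1.2.3|84|"
          "Trellix Embedded Security State|5|suser=Guest dvchost=printer01 "
          "deviceExternalId=SN0000001 cs1=Integrity Control outcome=Enabled")

def parse_syslog_cef(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("expected '<PRI>timestamp device CEF:...'")
    parts = re.split(r"(?<!\\)\|", m["cef"], maxsplit=7)  # split on unescaped pipes
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 fields followed by an extension")
    rec = dict(zip(HEADER, parts[:7]))
    rec.update(pri=int(m["pri"]), timestamp=m["timestamp"], device_name=m["device_name"])
    rec["ext"] = dict(EXT_RE.findall(parts[7]))
    return rec

def check_event_84(rec, mode, status):
    """Return a list of problems; an empty list means the entry passes."""
    problems = []
    if rec["pri"] > 191:  # syslog PRI = facility * 8 + severity, maximum 191
        problems.append("PRI out of range")
    if (rec["version"], rec["vendor"]) != ("CEF:0", "Xerox"):
        problems.append("header does not start with CEF:0|Xerox")
    if rec["event_id"] != "84":
        problems.append("event ID is " + rec["event_id"] + ", expected 84")
    for field, key in KEYMAP.items():
        if not rec["ext"].get(key):
            problems.append("missing " + field)
    for field, want in (("security mode", mode), ("completion status", status)):
        got = rec["ext"].get(KEYMAP[field])
        if got and got != want:
            problems.append(field + " is " + got + ", expected " + want)
    return problems

if __name__ == "__main__":
    print(check_event_84(parse_syslog_cef(SAMPLE), "Integrity Control", "Enabled"))
```

Escaped `=` inside extension values is not handled; the check covers only the fields this test case names.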
PROCESS:
PRIORITY:
TEST_TYPE: automated
LOE:
RESOURCE_HW:
RESOURCE_CONSUMEABLES:
RESOURCE_MEDIA:
SKILL_SET:
TEST_CASE_TYPE: testcases
TESTCASE_SOURCE:
SPEC: FS 50.001 Audit Log Events
SPEC_VERSION: 18
SPEC_TAG: 50.001.01.239 {DY7.7} | 84 | Trellix Embedded Security State | UserName | Device name | Device Serial Number | Security Mode | (Enhanced Security / Integrity Control) | Completion Status (Enabled / Disabled / Pending Enable)
ATM_OWNER:
APPROVE_QE:
APPROVED_QE:
APPROVE_SE:
APPROVED_SE:
APPROVE_SPAR:
APPROVED_SPAR:
ASSOCIATED_TESTCASES:
TRAINING:
TESTCASE_VERSION:
TESTCASE_STATE:
TESTCASE_PLATFORM:
TESTCASE_PRODUCT: canyon, carroll, carroll_sfp, corvo, corrib, kiska, malawi, mystic, melody_sfp, melody, muckross
TESTCASE_APPROVALS:
CDATE: 1582176881
MDATE: 1582176881
MUSER: q4BVX0J1
AUTHOR: q4BVX0J1
ATM_MCOMMENTS: Imported from spreadsheet
HISTORY:
ATM_LOCKED:
ATM_REQLINK: FCD61F68-5196-11ED-9488-DC0F28C85694
ATM_REQCOUNT: 1
QA_TEAM:
TC_WEIGHTAGE:
FILENAME:
FILEDESC:
FILES:
RELEASE:
AUTOMATION_GROUP:
TC_WORK_LOCATION_CAT: work_from_home_tc
DEVICE_CATEGORY: common
CONSTRAINTS_DAR: Imp_98 . NA Done By Previous Analysis
COMPETENCY: wfast_accounting
APTEST_TRACKING: yes
COMPLEXITY_OUTPUT_VALIDATION: non_outliers
AUTOMATION_CANDIDATE: yes
AUTOMATABLE: yes
SRT_ANALYZATION: analyzed