ATM_ID: B27BDF42-53A2-11EA-9805-9BD3993DCDB4
MFF:
PLANNEDTIMESTAFF:
ID: WFAST_Accounting/Testcases/FS_50.001.01_Audit_Log_Events/10722
TESTCASE_HEADLINE: Event ID=157 Audit log shall log the event for manual Lock Down Security Check Complete
GROUP:
FEATURE:
SUB_FEATURE:

INPUT:

Audit Log:

  1. Ensure that FIK has been installed.
  2. Create a local user with admin permissions.

Syslog:

  1. Syslog Destination Server details must be configured.

PROCEDURE:

  

  1. In CWIS: log in as local user > navigate to Properties > Security > Locked Down and Remediate > select Check Now.
  2. Navigate to Properties > Security > Audit Log > Export Audit Log.
  3. Check for details in the Audit Log.
  4. In LUI: log in as local user > Device > Tools > Security settings > Lockdown and remediate > Check now.
  5. Navigate to Properties > Security > Audit Log > Export Audit Log.
  6. Check for details in the Audit Log.

Note: Validate that if an audit log event is generated with a missing entry data field, the feature displays "Not available" for the CEF Keyname.

OUTPUT:

The Audit Log should display Event ID 157 and the following details for Lock Down Security Check Complete:

  - User name: local user
  - Device name
  - Device serial number
  - Completion status ("Success" / "Failed")


Syslog verification using the View Events option:

The Syslog+CEF format should be displayed as per the spec (refer to the SIEM Integration and Audit Log Events Spec):

(PRI number; Timestamp; Device name; CEF:0; Xerox; Device Model; Device Software Version; Device Audit log Event ID; Audit log Event Description; Severity), along with the CEF Key Name Mapping.

PROCESS:
PRIORITY:
TEST_TYPE: automated
LOE:
RESOURCE_HW:
RESOURCE_CONSUMEABLES:
RESOURCE_MEDIA:
SKILL_SET:
TEST_CASE_TYPE: testcases
TESTCASE_SOURCE:
SPEC: FS_55.12_SIEM_Integration
SPEC_VERSION: 1.0004999999999999
SPEC_TAG:

  [55.120.045](FT-26004)[D5.3-*] If an audit log event is generated with a missing entry data field the feature shall use the value "Not Available" to map the CEF Keyname.

  50.001.01.161 [R16-11, D3.6-*] | 157 | Lockdown Security Check Complete | User name (if available. "SYSTEM", if executed as a scheduled event) | Device name | Device serial number | Completion status ("Success" / "Failed")
  50.001.01.162 [R16-11, D3.6-*] | 158 | Lockdown Remediation Complete | User name (if available. "SYSTEM", if executed as a scheduled event) | Device name | Device serial number | Completion status ("Success" / "Failed")
  50.001.01.160 [R16-11, D3.6-*] | 156 | Lockdown and Remediate Security | User name | Device Name | Device Serial number | Completion status: ("Enabled" / "Disabled")

ATM_OWNER:
APPROVE_QE:
APPROVED_QE:
APPROVE_SE:
APPROVED_SE:
APPROVE_SPAR:
APPROVED_SPAR:
ASSOCIATED_TESTCASES:
TRAINING:
TESTCASE_VERSION:
TESTCASE_STATE:
TESTCASE_PLATFORM:
TESTCASE_PRODUCT: canyon, carroll, carroll_sfp, corvo, corrib, kiska, malawi, mystic, melody_sfp, melody, muckross
TESTCASE_APPROVALS:
CDATE: 1582176883
MDATE: 1582176883
MUSER: q4BVX0J1
AUTHOR: q4BVX0J1
ATM_MCOMMENTS: Imported from spreadsheet
HISTORY:
ATM_LOCKED:
ATM_REQLINK: CAAAE4AE-5461-11EA-9DCE-65D4993DCDB4, 43704636-97F7-11E9-9925-CFADAA3FCFED, 4370A644-97F7-11E9-9925-CFADAA3FCFED, 436FF76C-97F7-11E9-9925-CFADAA3FCFED
ATM_REQCOUNT: 4
QA_TEAM:
TC_WEIGHTAGE:
FILENAME:
FILEDESC:
FILES:
RELEASE:
AUTOMATION_GROUP:
TC_WORK_LOCATION_CAT: work_from_office_tc
DEVICE_CATEGORY: common
CONSTRAINTS_DAR: Imp_98 . NA Done By Previous Analysis
COMPETENCY: wfast_accounting
APTEST_TRACKING: yes
COMPLEXITY_OUTPUT_VALIDATION: non_outliers
AUTOMATION_CANDIDATE: yes
AUTOMATABLE: yes
SRT_ANALYZATION: analyzed