Many times I have seen that engineers used to allow any rule during troubleshooting and forget to remove which creates problem in audit and compliance check, is there any option so that engineers should configure rule with any in source/destination/port/application fields.
Thanks in advance,
I have also run across this, unfortunatly there is not a way to prevent this. However there are a few workarounds that you can do to monitor their activity.
Hope that helps.
I have also enabled alert from SIEM but somehow once it's implemented then you cant do anything and in time of removal, you have to face some impact which traffic is already started moving through that Rule.
however, seems awareness and adherence are the only way to minimize this issue. Thanks once again.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!