Item Search

Name	Audit Name	Plugin
2.1 Ensure that IP addresses are mapped to usernames	CIS Palo Alto Firewall 11 v1.0.0 L2	Palo_Alto
2.1 Ensure that IP addresses are mapped to usernames - User ID Agents	CIS Palo Alto Firewall 10 v1.1.0 L2	Palo_Alto
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.0 L1	Windows
4.1.3.11 Ensure session initiation information is collected	CIS Oracle Linux 9 Server L2 v1.0.0	Unix
4.1.3.11 Ensure session initiation information is collected	CIS AlmaLinux OS 9 Server L2 v1.0.0	Unix
4.1.3.11 Ensure session initiation information is collected	CIS AlmaLinux OS 9 Workstation L2 v1.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - auditctl btmp	CIS Red Hat EL8 Workstation L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - auditctl btmp	CIS Oracle Linux 8 Workstation L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - auditctl utmp	CIS AlmaLinux OS 8 Workstation L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - auditctl wtmp	CIS Oracle Linux 8 Server L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - auditctl wtmp	CIS Ubuntu Linux 22.04 LTS Server L2 v.1.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - btmp	CIS Oracle Linux 8 Server L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - btmp	CIS Oracle Linux 8 Workstation L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - utmp	CIS Oracle Linux 8 Server L2 v2.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - wtmp	CIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0	Unix
4.1.3.11 Ensure session initiation information is collected - wtmp	CIS AlmaLinux OS 8 Workstation L2 v2.0.0	Unix
4.1.4 Ensure login and logout events are collected - auditctl /var/log/lastlog	CIS Red Hat EL8 Workstation L2 v1.0.1	Unix
4.1.4 Ensure login and logout events are collected - auditctl faillock	CIS Oracle Linux 8 Workstation L2 v1.0.1	Unix
4.1.4 Ensure login and logout events are collected - auditctl faillock	CIS AlmaLinux OS 8 Server L2 v1.0.0	Unix
4.1.4 Ensure login and logout events are collected - auditctl faillock	CIS CentOS Linux 8 Server L2 v1.0.1	Unix
4.1.4 Ensure login and logout events are collected - auditctl lastlog	CIS AlmaLinux OS 8 Workstation L2 v1.0.0	Unix
4.1.4 Ensure login and logout events are collected - auditctl lastlog	CIS CentOS Linux 8 Workstation L2 v1.0.1	Unix
4.1.4 Ensure login and logout events are collected - faillock	CIS CentOS Linux 8 Workstation L2 v1.0.1	Unix
4.1.4 Ensure login and logout events are collected - lastlog	CIS CentOS Linux 8 Server L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - auditctl utmp	CIS Red Hat EL8 Workstation L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - auditctl utmp	CIS Oracle Linux 8 Server L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - auditctl utmp	CIS AlmaLinux OS 8 Workstation L2 v1.0.0	Unix
4.1.5 Ensure session initiation information is collected - auditctl utmp	CIS CentOS Linux 8 Server L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - utmp	CIS Red Hat EL8 Workstation L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - wtmp	CIS Red Hat EL8 Workstation L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - wtmp	CIS Oracle Linux 8 Workstation L2 v1.0.1	Unix
4.1.5 Ensure session initiation information is collected - wtmp	CIS AlmaLinux OS 8 Server L2 v1.0.0	Unix
5.2.7 Ensure SSH MaxAuthTries is set to 4 or less - sshd_config	CIS Oracle Linux 8 Server L1 v1.0.1	Unix
5.2.7 Ensure SSH MaxAuthTries is set to 4 or less - sshd_config	CIS Red Hat EL8 Server L1 v1.0.1	Unix
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0	Windows
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller	Windows
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows Server 2019 DC L1 v1.2.1	Windows
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0	Windows
17.5.4 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller	Windows
17.5.4 Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1	Windows
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0	Windows
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0	Windows
17.5.5 Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1	Windows
17.5.5 Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1	Windows
17.5.5 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise v2.0.0 L1	Windows
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0	Windows
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'	CIS Windows Server 2012 R2 DC L1 v2.6.0	Windows
17.5.6 (L1) Ensure 'Audit Special Logon' is set to include 'Success'	CIS Microsoft Windows Server 2019 v3.0.0 L1 Member Server	Windows
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	CIS Microsoft Windows 10 Enterprise v2.0.0 L1	Windows
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	CIS Microsoft Windows Server 2016 DC L1 v1.4.0	Windows

Detections

Analytics

Item Search