Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.7.4 Configure NTP AuthenticationCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.1.11 Ensure the spoofed domains report is reviewed weeklyCIS Microsoft 365 Foundations E5 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2.1 Ensure that a minimal audit policy is createdCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure auditd service is enabledCIS Fedora 28 Family Linux Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog service is enabledCIS Debian 8 Server L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configuredCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabledCIS Debian Family Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Fedora 19 Family Linux Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostCIS Debian 8 Server L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostCIS Debian 9 Server L1 v1.0.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure logging is configured - '*.emerg :omusrmsg:*'CIS Debian Family Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.3 Ensure systemd-journal-remote is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure journald service is enabledCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.5 Ensure SSH LogLevel is appropriateCIS Debian 10 Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.1 Ensure rsyslog is installedCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.1.4 Ensure journald is configured to write logfiles to persistent diskCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1 Ensure rsyslog is installedCIS Debian 10 Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.4 Ensure journald is configured to write logfiles to persistent diskCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.5 Ensure logging is configuredCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.6 Ensure journald log rotation is configured per site policyCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.14 Ensure sshd LogLevel is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS Oracle Linux 8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.1.3 Ensure audit_backlog_limit is sufficientCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian 10 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.4.2 Ensure the self-service password reset activity report is reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

6.1.1.3 Ensure journald log file rotation is configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.1.3 Ensure journald log file rotation is configuredCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.2.4 Ensure journald Storage is configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.3.1 Ensure rsyslog is installedCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.3.2 Ensure rsyslog service is enabled and activeCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.3.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.1.1 Ensure journald service is enabled and activeCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.2.1 Ensure systemd-journal-remote is installedCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.2.2 Ensure systemd-journal-remote authentication is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.1.3 Ensure audit_backlog_limit is sufficientCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.5 Ensure Audit Logging Is Enabled - audit_log_filterCIS MySQL 5.7 Community Database L2 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

18.10.43.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

AUDIT AND ACCOUNTABILITY

18.10.43.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NGWindows

AUDIT AND ACCOUNTABILITY

20.8 Ensure 'Active Directory Infrastructure object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY