Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.4 Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/ChangesCIS Google Cloud Platform Foundation v4.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

2.16 Ensure Logging is enabled for HTTP(S) Load BalancerCIS Google Cloud Platform Foundation v4.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

3.1.1 (L1) Ensure Microsoft 365 audit log search is EnabledCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2.1 Ensure that a minimal audit policy is createdCIS Kubernetes v1.11.1 L1 Master NodeUnix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*'CIS CentOS 6 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /sbin/sysctl'CIS CentOS 6 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*'CIS CentOS 6 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.6 Ensure audit system action is defined for sending errorsCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.10 Ensure the auditing processing failures are handled.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Fedora 28 Family Linux Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recordedCIS Debian 10 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Debian 10 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Debian 10 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.3.27 Ensure Printlastlog is enabledCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

5.4.8 Ensure date and time of last successful logonCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

6.1 Ensure 'log_error' is configured correctlyCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

AUDIT AND ACCOUNTABILITY

6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'CIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY

6.2.1.3 Ensure auditing for processes that start prior to auditd is enabledCIS Debian Linux 12 v1.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.8 Ensure administrators are notified if an audit processing failure occurs by modifying /etc/aliasesCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

6.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Linux Mint 22 v1.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS AlmaLinux OS 8 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS Red Hat Enterprise Linux 8 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.1.3 Ensure audit_backlog_limit is sufficientCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.1.3 Ensure audit_backlog_limit is sufficientCIS SUSE Linux Enterprise 15 v2.0.1 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS SUSE Linux Enterprise 15 v2.0.1 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Ubuntu Linux 20.04 LTS v3.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Oracle Linux 8 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Ubuntu Linux 20.04 LTS v3.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Red Hat Enterprise Linux 8 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Rocky Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Ubuntu Linux 20.04 LTS v3.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Rocky Linux 8 v3.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS AlmaLinux OS 8 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Red Hat Enterprise Linux 8 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collectedCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collectedCIS AlmaLinux OS 8 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.4.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.8 Ensure the Audit Plugin Can't be UnloadedCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

AUDIT AND ACCOUNTABILITY

18.10.44.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY

18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 NGWindows

AUDIT AND ACCOUNTABILITY