Item Search

Name	Audit Name	Plugin	Category
1.1.2.4.1 Ensure separate partition exists for /var	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION
1.1.2.5.1 Ensure separate partition exists for /var/tmp	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION
1.1.2.36 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing'	CIS Windows 8 L1 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
1.4.1.6 Ensure no unconfined services exist	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
2.2.29 Configure 'Log on as a service'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.7 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1	Windows	ACCESS CONTROL
2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	ACCESS CONTROL
2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
5.10 Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.12 Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.16 Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.18 Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.19 Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.21 Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.36 Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
6.2.2.4 Ensure system warns when audit logs are low on space	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
6.2.3.5 Ensure events that modify the system's network environment are collected	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
6.2.3.7 Ensure unsuccessful file access attempts are collected	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.8 Ensure events that modify user/group information are collected	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.13 Ensure file deletion events by users are collected	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.19 Ensure kernel module loading unloading and modification is collected	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.20 Ensure the audit configuration is loaded regardless of errors	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.4.1 Ensure the audit log file directory mode is configured	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION
6.2.4.5 Ensure audit configuration files mode is configured	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.4.6 Ensure audit configuration files owner is configured	CIS Amazon Linux 2 v4.0.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIO	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - ProhibitRspndrOnPrivateNet	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - EnableRegistrars	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'	CIS Microsoft Windows Server 2016 v4.0.0 L1 MS	Windows	SYSTEM AND INFORMATION INTEGRITY
18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.7.2 Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'	CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS	Windows	SYSTEM AND INFORMATION INTEGRITY
18.8.22.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
18.8.22.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.8.52.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.59.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	ACCESS CONTROL
Enable IKE Version 1/2 - group	Tenable Cisco Viptela SD-WAN - vEdge	Cisco_Viptela	SYSTEM AND COMMUNICATIONS PROTECTION
Encryption type for password protected Office 97-2003 files	MSCT Office 365 ProPlus 1908 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
IBM i : Action When Sign-On Attempts Reached (QMAXSGNACN) - '3'	IBM System i Security Reference for V7R3	AS/400	ACCESS CONTROL
WN11-00-000085 - Standard local user accounts must not exist on a system in a domain.	DISA Microsoft Windows 11 STIG v2r7	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search