Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Ensure 'Logon Password' is setCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.4 Set 'login authentication for 'line con 0'CIS Cisco IOS 12 L1 v4.0.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.6 Set 'login authentication for 'line vty'CIS Cisco IOS 12 L1 v4.0.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.12 - MobileIron - Turn off VPN when not neededMobileIron - CIS Apple iOS 9 v1.0.0 L1MDM

ACCESS CONTROL

1.1.13 - MobileIron - Turn off VPN when not neededMobileIron - CIS Apple iOS 8 v1.0.0 L1MDM

ACCESS CONTROL

1.2.2 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'CIS Cisco IOS XR 7.x v1.0.0 L1Cisco

IDENTIFICATION AND AUTHENTICATION

1.4.4 Set password length for local credentialsCIS Cisco NX-OS v1.2.0 L1Cisco

IDENTIFICATION AND AUTHENTICATION

2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'CIS Cisco IOS 12 L1 v4.0.0Cisco

IDENTIFICATION AND AUTHENTICATION

3.1.1 Set 'no ip source-route'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

CONFIGURATION MANAGEMENT

3.1.1 Set 'no ip source-route'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

SYSTEM AND INFORMATION INTEGRITY

3.1.2.2 If Possible, Limit the BGP Routes Accepted from PeersCIS Cisco NX-OS v1.2.0 L2Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1.1 Configure RA GuardCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.5.1 Basic Fiber Channel ConfigurationCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

4.12.1 Ensure LLDP is Disabled if not RequiredCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT

ALMA-09-032470 - AlmaLinux OS 9 must restrict the use of the "su" command.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

AMLS-L3-000330 - The Arista MLS RTR must be using a version supported by the vendor.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

CONFIGURATION MANAGEMENT

ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

DHCP snooping - authorized-serverArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

DHCP snooping - globalArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-65-000067 - All ESXi host-connected physical switch ports must be configured with spanning tree disabled.DISA STIG VMware vSphere ESXi 6.5 v2r4VMware

CONFIGURATION MANAGEMENT

ESXI-80-000215 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

CONFIGURATION MANAGEMENT

ESXI5-VMNET-000025 - Spanning tree protocol must be enabled and BPDU guard and Portfast must be disabled on the upstream physical switch port for virtual machines that route or bridge traffic.DISA STIG VMWare ESXi Server 5 STIG v2r1VMware

CONFIGURATION MANAGEMENT

Fabric Security - Policy - FIPS ModeTenable Cisco ACICisco_ACI

SYSTEM AND COMMUNICATIONS PROTECTION

HP ProCurve - 'Enable HTTPS'TNS HP ProCurveHPProCurve

SYSTEM AND COMMUNICATIONS PROTECTION

HP ProCurve - 'Enable SFTP'TNS HP ProCurveHPProCurve

SYSTEM AND COMMUNICATIONS PROTECTION

HP ProCurve - 'Secure Management VLAN is configured'TNS HP ProCurveHPProCurve

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000240 - The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA STIG Juniper Router RTR v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000290 - The Juniper perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an approved gateway service provider - BGP peer to an alternate gateway service provider.DISA STIG Juniper Router RTR v3r2Juniper

ACCESS CONTROL

Login banner - banner motdArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

ACCESS CONTROL

MACsecArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

RADIUS and TACACS+ authorization and accounting - accounting commandsArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - accounting execArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - authorization commands access-levelArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - authorization commands autoArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

USB portArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

USB portArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

VCTR-67-000016 - The vCenter Server must only send NetFlow traffic to authorized collectors.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCWN-06-000016 - The system must only send NetFlow traffic to authorized collectors.DISA STIG VMware vSphere vCenter 6.x v1r4VMware

CONFIGURATION MANAGEMENT

VCWN-65-000016 - The vCenter Server for Windows must only send NetFlow traffic to authorized collectors.DISA STIG VMware vSphere vCenter 6.5 v2r3VMware

CONFIGURATION MANAGEMENT

vNetwork : enable-bpdu-filterVMWare vSphere 6.0 Hardening GuideVMware
vNetwork : enable-bpdu-filterVMWare vSphere 6.5 Hardening GuideVMware

CONFIGURATION MANAGEMENT