Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.4 - MobileIron - Set Auto-lock - 'Inactivity Timeout <= 2'MobileIron - CIS Apple iOS 9 v1.0.0 L1MDM

ACCESS CONTROL

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctlyCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - hostCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - protocolCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - serverCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.5.7 Ensure DNS is servers are configured - nameserver 2CIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.1.1.2 Set version 2 for 'ip ssh version'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higherCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On'CIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2CIS Solaris 11.1 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Ensure Relational Database Service is Multi-AZ EnabledCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND INFORMATION INTEGRITY

3.9 Verify that TLS CA certificate file ownership is set to root:rootCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.4 Defend against Denial of Service AttacksCIS ISC BIND 9.0/9.5 v2.0.0Unix
5.2.2 Ensure SSH Protocol is set to 2CIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

CONFIGURATION MANAGEMENT

5.3.4 Ensure SSH Protocol is set to 2CIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

5.12 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

6.5 Ensure that Remote Syslog Servers are configuredCIS F5 Networks v1.0.0 L1F5

AUDIT AND ACCOUNTABILITY

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure the Server's Private Key Is ProtectedCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

ACCESS CONTROL

7.3 Ensure the Server's Private Key Is ProtectedCIS Apache HTTP Server 2.2 L1 v3.6.0Unix

ACCESS CONTROL

7.3 Ensure the Server's Private Key Is ProtectedCIS Apache HTTP Server 2.2 L1 v3.6.0 MiddlewareUnix

ACCESS CONTROL

Allow users to demote attachments to Level 2Microsoft 365 Apps for Enterprise 2306 v1.0.0Windows

CONFIGURATION MANAGEMENT

Allow users to demote attachments to Level 2MSCT M365 Apps for enterprise 2312 v1.0.0Windows

CONFIGURATION MANAGEMENT

Allow users to demote attachments to Level 2MSCT Office 2016 v1.0.0Windows

CONFIGURATION MANAGEMENT

Allow users to demote attachments to Level 2MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0Windows

CONFIGURATION MANAGEMENT

AS24-W2-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Site v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - sequential characters must be set to 2Tenable Best Practices Brocade FabricOSBrocade

IDENTIFICATION AND AUTHENTICATION

Check that the current GRUB 2 configuration enabledDISA Red Hat Enterprise Linux 9 STIG v2r2Unix
CIS_Aliyun_Linux_2_L2_v1.0.0.audit from CIS Aliyun Linux 2 Benchmark v1.0.0CIS Aliyun Linux 2 L2 v1.0.0Unix
Enable password encryptionMSCT Windows 11 v24H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Enable password encryptionMSCT Windows 11 v23H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Ensure 'ExploitAction' is 'Windows: Registry Value' to '2'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows
EPAS-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1Unix

IDENTIFICATION AND AUTHENTICATION

OH12-1X-000232 - A public OHS server must use TLS if authentication is required to host web sites - SSLProtocolDISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

CONFIGURATION MANAGEMENT

OH12-1X-000232 - A public OHS server must use TLS if authentication is required to host web sites - SSLWalletDISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

CONFIGURATION MANAGEMENT

OH12-1X-000348 - OHS must have the ServerTokens directive set to limit the response header.DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND INFORMATION INTEGRITY

PPS9-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.EDB PostgreSQL Advanced Server OS Linux Audit v2r3Unix

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.DISA STIG SQL Server 2016 Instance OS Audit v3r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.DISA STIG SQL Server 2016 Instance OS Audit v3r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Word 2 and earlier binary documents and templatesMSCT M365 Apps for enterprise 2312 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY