Detections
Analytics

Item Search

NameAudit NamePluginCategory
3.2 Enable security auditingCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events'CIS Apple OSX 10.11 El Capitan L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.14 Ensure file deletion events by users are collected (64-bit)CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.3 Enable Auditing of File Metadata Modification Events - AUE_FACLSET : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHMOD : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.3 Enable Auditing of File Metadata Modification Events - AUE_LCHOWN : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.4 Enable Auditing of Process and Privilege Events - AUE_PRIOCNTLSYS : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.4 Enable Auditing of Process and Privilege Events - AUE_SETGID : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.4 Enable Auditing of Process and Privilege Events - AUE_SETPGID : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.4 Enable Auditing of Process and Privilege Events - AUE_SETPPRIV : cisCIS Solaris 11 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

5.1 Enable 'USER' Audit OptionCIS Oracle Server 11g R2 DB v2.2.0OracleDB

AUDIT AND ACCOUNTABILITY

5.1 Ensure that system activity is auditedCIS MongoDB L1 Windows Audit v1.0.0Windows

AUDIT AND ACCOUNTABILITY

5.4 Enable 'ROLE' Audit OptionCIS Oracle Server 11g R2 DB v2.2.0OracleDB

AUDIT AND ACCOUNTABILITY

5.5 Create /var/adm/loginlog - Check if 'SYSLOG_FAILED_LOGINS' is set to 0 in /etc/default/login.CIS Solaris 9 v1.3Unix

AUDIT AND ACCOUNTABILITY

5.8 Enable kernel-level auditing, Check if 'flags:lo,ad,cc' is set in /etc/security/audit_control.CIS Solaris 9 v1.3Unix

AUDIT AND ACCOUNTABILITY

5.8 Enable kernel-level auditing, Check if 'root:lo,ad:no' is set in /etc/security/audit_user.CIS Solaris 9 v1.3Unix

AUDIT AND ACCOUNTABILITY

5.9 Enable 'DATABASE LINK' Audit OptionCIS Oracle Server 11g R2 DB v2.2.0OracleDB

AUDIT AND ACCOUNTABILITY

5.14 Enable 'SELECT ANY DICTIONARY' Audit OptionCIS Oracle Server 11g R2 DB v2.2.0OracleDB

AUDIT AND ACCOUNTABILITY

5.21 Enable 'TRIGGER' Audit OptionCIS Oracle Server 11g R2 DB v2.2.0OracleDB

AUDIT AND ACCOUNTABILITY

7.2.4 Log Suspicious Packets - 'net.ipv4.conf.all.log_martians = 1'CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.2.4 Log Suspicious Packets - 'net.ipv4.conf.default.log_martians = 1'CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information- '/etc/shadow'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - '/etc/network'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment- '/etc/issue'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information- '/var/run/utmp'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '32bit setxattr'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '64bit chmod/fchmod/fchmodat'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '64bit setxattr'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '64bit EPERM'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.12 Collect Use of Privileged CommandsCIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.14 Collect File Deletion Events by User- '64bit unlink/unlinkat/rename/renameat'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading - '64bit init_module/delete_module'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading- '/sbin/insmod'CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

17.6.2 Ensure 'Audit File Share' is set to 'Success and Failure'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.7.5 Ensure 'Audit Other Policy Change Events' is set to include 'Failure'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.7.5 Ensure 'Audit Other Policy Change Events' is set to include 'Failure'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

AUDIT AND ACCOUNTABILITY

18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MSWindows

AUDIT AND ACCOUNTABILITY

Audit File ShareMSCT Windows 10 1803 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit MPSSVC Rule-Level Policy ChangeMSCT Windows 10 1803 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit MPSSVC Rule-Level Policy ChangeMSCT Windows 10 1909 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit MPSSVC Rule-Level Policy ChangeMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Object Access EventsMSCT Windows 10 1803 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Process CreationMSCT Windows 10 1909 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security State ChangeMSCT Windows 10 1909 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security State ChangeMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Control (QAUDCTL) - '!= *NONE'IBM System i Security Reference for V7R3AS/400

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Control (QAUDCTL) - '*NONE|*NOTAVL|*OBJAUD|*AUDLVL|*NOQTEMP'IBM iSeries Security Reference v5r4AS/400

AUDIT AND ACCOUNTABILITY

IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE'IBM System i Security Reference for V7R2AS/400

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Level (QAUDLVL2) - '*SECURITY'IBM System i Security Reference for V7R1 and V6R1AS/400

AUDIT AND ACCOUNTABILITY