Detections
Analytics

Item Search

NameAudit NamePluginCategory
3.1.13 Ensure the program name for PostgreSQL syslog messages is correctCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.13 Ensure the program name for PostgreSQL syslog messages is correctCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.20 Ensure 'log_connections' is enabledCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.21 Ensure 'log_disconnections' is enabled - log_disconnections is enabledCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_error_verbosity' is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_error_verbosity' is set correctly - log_error_verbosity is set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.24 Ensure 'log_line_prefix' is set correctlyCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.25 Ensure 'log_statement' is set correctlyCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.26 Ensure 'log_timezone' is set correctly - log_timezone is set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

4.1.6 Ensure events that modify the system's Mandatory Access Controls are collectedCIS SUSE Linux Enterprise 12 v3.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.9 Ensure discretionary access control permission modification events are collectedCIS SUSE Linux Enterprise 12 v3.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.4 Ensure 'Send connector: Configure protocol logging' is set to 'Verbose'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

AUDIT AND ACCOUNTABILITY

4.12 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requestsCIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

AUDIT AND ACCOUNTABILITY

5.2.1.1 Ensure auditd is installedCIS Ubuntu Linux 18.04 LTS v2.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.1 Ensure changes to system administration scope (sudoers) is collectedCIS Ubuntu Linux 18.04 LTS v2.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.10 Ensure successful file system mounts are collectedCIS Ubuntu Linux 18.04 LTS v2.2.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2022 Database L1 DB v1.1.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.17 (L1) Ensure 'Detailed Tracking Audit Process Creation' is set to include 'Success'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.19 (L1) Ensure 'Object Access Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.23 (L1) Ensure 'Privilege Use Audit Sensitive Privilege Use' is set to 'Success and Failure'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.27 (L1) Ensure 'System Audit System Integrity' is set to 'Success and Failure'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

6.2.3.4 Ensure events that modify date and time information are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.5 Ensure events that modify the system's network environment are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.10 Ensure successful file system mounts are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.13 Ensure file deletion events by users are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.19 Ensure kernel module loading unloading and modification is collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.4 Ensure that Activity Log Alert exists for Delete Network Security GroupCIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

AUDIT AND ACCOUNTABILITY

7.24 (L1) Virtual machines must enable diagnostic loggingCIS VMware ESXi 8.0 v1.1.0 L1VMware

AUDIT AND ACCOUNTABILITY

17.1.2 (L1) Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.2 (L1) Ensure 'Audit Computer Account Management' is set to include 'Success' (DC only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.3.1 (L1) Ensure 'Audit PNP Activity' is set to include 'Success'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.3.1 (L1) Ensure 'Audit Process Creation' is set to include 'Success'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.8.1 (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.8.1 (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

45.28 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

67.4 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY