| 1.3 Configure SSH - Check if MaxAuthTriesLog is set to 0 and not commented for server. | CIS Solaris 9 v1.3 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/security/opasswd | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/shadow | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - '/etc/networks' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'sethostname/setdomainname' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - faillock | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - '/var/log/wtmp' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - btmp | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b32 chmod fchmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b32 setxattr | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - b64 | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - b64 | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - '*.emerg :omusrmsg:*' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'local0,local1.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'local0,local1.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'local4,local5.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'mail.* -/var/log/mail' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'mail.err /var/log/mail.err' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'mail.err /var/log/mail.err' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'mail.warning -/var/log/mail.warn' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 ensure logging is configured - 'news.notice -/var/log/news/news.notice' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.3 Ensure rsyslog default file permissions configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Configure /etc/syslog.conf 'kern' | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3 Configure /etc/rsyslog.conf 'daemon /var/log/daemon.log' | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit Detailed File Share | MSCT Windows 10 v1903 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Object Access Events | MSCT Windows 10 v1903 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit PNP Activity | MSCT Windows 10 v1903 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Process Creation | MSCT Windows 10 v1903 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
