Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2 Do Not Install a Multi-Use System - chkconfigCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

1.2 Do Not Install a Multi-Use System - systemctlCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

1.2 Do Not Install a Multi-Use System - systemctlCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileCIS Kubernetes v1.20 Benchmark v1.0.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION

1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileCIS Kubernetes v1.20 Benchmark v1.0.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION

1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileCIS Kubernetes Benchmark v1.5.1 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileCIS Kubernetes Benchmark v1.5.1 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.3 Dedicated Name Server RoleCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

1.3 Dedicated Name Server RoleCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

1.3.10 Ensure 'Password Profiles' do not existCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, PLANNING, PROGRAM MANAGEMENT, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management ServicesCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure network traffic is restricted between containers on the default bridgeCIS Docker v1.6.0 L1 Docker LinuxUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all ProtocolsCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1Palo_Alto
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL

2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL

2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.7 Ensure that a unique Certificate Authority is used for etcdCIS Kubernetes v1.20 Benchmark v1.0.0 L2 MasterUnix

ACCESS CONTROL

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Multicast addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Multicast addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.2.5 Disable IP Source-RoutingCIS Cisco NX-OS L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure interface description is setCIS Juniper OS Benchmark v2.0.0 L1Juniper

CONFIGURATION MANAGEMENT

3.4 Ensure interface description is setCIS Juniper OS Benchmark v2.1.0 L1Juniper

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

3.4 Restrict Queries of the Cache - Authoritative OnlyCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.4 Restrict Queries of the Cache - Caching OnlyCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.5.2 Configure FCoE ZoningCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.13 Ensure VPN traffic goes through the relevant ACLCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

3.16 Configure Mail Transfer Agent for Local-Only Mode - O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTACIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

5.10.6 Enable Cloud Security Command Center (Cloud SCC)CIS Google Kubernetes Engine (GKE) v1.1.0 L1 MasterGCP
6.10.9 Ensure Finger Service is Not SetCIS Juniper OS Benchmark v2.1.0 L1Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

7.2 Ensure that swarm services are bound to a specific host interfaceCIS Docker v1.6.0 L1 Docker SwarmUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION