Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Ensure network traffic is restricted between containers on the default bridgeCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 NTP Security Protection - b) NTP access-groupTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Allow Docker to make changes to iptablesCIS Docker 1.6 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4 Set 'ip verify unicast source reachable-via'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Microsoft Intune for Windows 11 v3.0.1 L2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ignore erroneous or unwanted traffic 'Link Local'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.6 ipignoreredirectsCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.8 ipsrcrouteforwardCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.9 ipsrcrouterecvCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.17 udp_pmtu_discoverCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.6 Ensure subnets for the Web tier are createdCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.15 Ensure Routing Table associated with App tier subnet have the default route (0.0.0.0/0) defined to allow connectivityCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistent run level 3CIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

9.2 Configure 'Disable changing Automatic Configuration settings'CIS IE 9 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.7 Set 'Prevent changing proxy settings' to 'Enabled'CIS IE 10 v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Windows Server 2012 DC L2 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Windows Server 2012 R2 MS L2 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

20.8 (L1) Ensure 'System is connected to the network only when necessary'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (192.0.2.0/24)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (240.0.0.0/4)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Allow unicast response - Private ProfileMSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local connection security rulesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local connection security rulesMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Authentication policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Device Connection Control policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'threat-detection statistics' is set to 'tcp-intercept'Tenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - User connections are limited by subnet or VLANTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Management interfaceArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - client-list restrictJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn off downloading of print drivers over HTTPMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn off downloading of print drivers over HTTPMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-forged-transmit - 'vSwitch'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-forged-transmit-StandardSwitchVMWare vSphere 6.5 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Firewall: Prohibit unicast response to multicast or broadcast requestsMSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Firewall: Prohibit unicast response to multicast or broadcast requestsMSCT Windows Server 2012 R2 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION