Item Search

Name	Audit Name	Plugin	Category
2.3.1 Ensure the Account Provisioning Activity report is reviewed at least weekly	CIS Microsoft 365 Foundations E3 L1 v3.1.0	microsoft_azure	AUDIT AND ACCOUNTABILITY
2.3.2 Ensure non-global administrator role group assignments are reviewed at least weekly	CIS Microsoft 365 Foundations E3 L1 v3.1.0	microsoft_azure	AUDIT AND ACCOUNTABILITY
4.1.1.1 Ensure journald is configured to write logfiles to persistent disk	CIS Bottlerocket L1	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure rsyslog service is enabled	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure rsyslog service is enabled and running	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = email	CIS Fedora 19 Family Linux Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts	CIS Fedora 19 Family Linux Server L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network	CIS Fedora 19 Family Linux Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts	CIS Fedora 19 Family Linux Server L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue	CIS CentOS 6 Workstation L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname	CIS Fedora 19 Family Linux Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl sethostname setdomainname 32-bit	CIS CentOS 6 Workstation L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/hosts	CIS CentOS 6 Server L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/issue	CIS CentOS 6 Server L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
4.1.19 Ensure the audit configuration is immutable	CIS Distribution Independent Linux Server L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.1 Ensure rsyslog is installed	CIS Fedora 19 Family Linux Workstation L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.1 Ensure rsyslog service is enabled	CIS Debian 8 Workstation L1 v2.0.2	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure rsyslog service is enabled and running	CIS Fedora 19 Family Linux Server L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.4 Ensure logging is configured	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	CIS Fedora 19 Family Linux Workstation L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.2.1 Ensure syslog-ng service is enabled	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.2.2.2 Ensure logging is configured	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.2.3 Ensure rsyslog or syslog-ng is installed	CIS Debian 8 Server L1 v2.0.2	Unix	AUDIT AND ACCOUNTABILITY
4.2.3 Ensure rsyslog or syslog-ng is installed	CIS Debian 8 Workstation L1 v2.0.2	Unix	AUDIT AND ACCOUNTABILITY
4.2.3 Ensure rsyslog or syslog-ng is installed	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.2.14 Ensure sshd LogLevel is configured	CIS Amazon Linux 2 v3.0.0 L1	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.1.2 Ensure systemd-journal-remote is configured	CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.2 Ensure journald service is enabled	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.4 Ensure journald is configured to write logfiles to persistent disk	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.5 Ensure logging is configured	CIS Amazon Linux 2 v3.0.0 L1	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.6 Ensure journald log rotation is configured per site policy	CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.1.1 Ensure systemd-journal-remote is installed	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.1.2 Ensure systemd-journal-remote is configured	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.2 Ensure rsyslog service is enabled	CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.2 Ensure rsyslog service is enabled	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.2 Ensure auditd service is enabled and active	CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.4 Ensure audit_backlog_limit is sufficient	CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.2.6.1 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weekly	CIS Microsoft 365 Foundations E5 L1 v3.1.0	microsoft_azure	AUDIT AND ACCOUNTABILITY
6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug'	CIS Apache HTTP Server 2.4 L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
6.1.1.1 Ensure journald service is enabled and active	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.1.1.3 Ensure journald log file rotation is configured	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.1.2.1.1 Ensure systemd-journal-remote is installed	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.1.2 Ensure auditd service is enabled and active	CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.1.2.1 Ensure systemd-journal-remote is installed	CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3 Ensure the 'DROP USER' Audit Option Is Enabled	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.7 Ensure the 'GRANT' Action Audit Is Enabled	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.8 Ensure the 'REVOKE' Action Audit Is Enabled	CIS Oracle Server 12c DB Unified Auditing v3.0.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'	CIS Apache HTTP Server 2.4 L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search