Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CIS Cisco IOS 12 L1 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 - TCP/IP Tuning - 'ipsendredirects = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 - TCP/IP Tuning - 'ip6srcrouteforward = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.18 - TCP/IP Tuning - 'tcp_sendspace >= 262144'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Restrict network traffic between containersCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Allow Docker to make changes to iptablesCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.base is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.man.en_US is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.3 - TCP Wrappers - creating a hosts.allow file - configuration - 'hosts.allow has been configured'CIS AIX 5.3/6.1 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.17 Bind swarm services to a specific host interfaceCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3 Set 'no interface tunnel'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.5 ipforwardingCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure IP tunnels are not configured.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.6 Ensure 'Default Window Management permissions setting' Is 'Enabled' to 'Deny Permission'CIS Google Chrome L2 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.11 ip6srcrouteforwardCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.5 Ensure subnets for the Web tier ELB are createdCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.9 Ensure Elastic IPs for the NAT Gateways are allocatedCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPSCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Create the App tier Security Group and ensure it allows inbound connections from App tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptablesCIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistentCIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistent run level 2CIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

9.3 Configure 'Disable changing connection settings'CIS IE 9 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.5 Configure 'Make proxy settings per-machine (rather than per-user)'CIS IE 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.8 Configure 'Disable changing Automatic Configuration settings'CIS IE 10 v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Access control listsArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (10.0.0.0/8)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (172.16.0.0/12)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (0.0.0.0/8)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (198.51.100.0/24)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'noproxyarp' is enabled for untrusted interfacesTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure ICMP is restricted for untrusted interfacesTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Front panel securityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Port security auto-recoveryArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode - 'portgroup'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION