Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.1.2 Ensure auditd service is enabledCIS Fedora 28 Family Linux Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = rootCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl b64 sethostnameCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - b32 sethostnameCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.2.1.1 Ensure rsyslog is installedCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostCIS Debian 9 Server L1 v1.0.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1 Ensure rsyslog service is enabledCIS Amazon Linux 2 STIG v1.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.3 Ensure systemd-journal-remote is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure journald service is enabledCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.5 Ensure SSH LogLevel is appropriateCIS Debian 10 Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.5 Ensure SSH LogLevel is appropriateCIS Amazon Linux 2023 Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.1 Ensure rsyslog is installedCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.1.2 Ensure rsyslog service is enabledCIS Amazon Linux 2023 Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.4 Ensure journald is configured to write logfiles to persistent diskCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.5 Ensure logging is configuredCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.5 Ensure logging is configuredCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.5 Ensure logging is configuredCIS Amazon Linux 2023 Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1 Ensure rsyslog is installedCIS Debian 10 Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.1 Ensure systemd-journal-remote is installedCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Amazon Linux 2023 Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.4 Ensure journald is configured to write logfiles to persistent diskCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.4 Ensure journald is configured to write logfiles to persistent diskCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.5 Ensure logging is configuredCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.2.6 Ensure journald log rotation is configured per site policyCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.14 Ensure sshd LogLevel is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian 10 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.1.4 Ensure auditd service is enabledCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

6.2.1.1 Ensure journald service is enabled and activeCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.1.1 Ensure journald service is enabled and activeCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.2.1 Ensure systemd-journal-remote is installedCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.2.2 Ensure systemd-journal-remote authentication is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.1 Ensure systemd-journal-remote is installedCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.4 Ensure journald Storage is configuredCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.2 Ensure rsyslog service is enabled and activeCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.5 Ensure rsyslog logging is configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf LogFormat is configured'CIS Apache HTTP Server 2.4 L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY

17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

AUDIT AND ACCOUNTABILITY

17.7.4 Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT