Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.3.9 Ensure file deletion events by users are collected - rename 32 bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

4.1.3.9 Ensure file deletion events by users are collected - rename 64 bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

4.1.3.9 Ensure file deletion events by users are collected - renameat 32 bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

4.1.3.9 Ensure file deletion events by users are collected - renameat 64 bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001024 - The macOS system must be configured to audit all failed program execution on the system.DISA Apple macOS 14 (Sonoma) STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

CISC-ND-001250 - The Cisco switch must be configured to generate log records when administrator privileges are deleted.DISA STIG Cisco IOS XE Switch NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

JBOS-AS-000700 - JBoss must be configured to generate log records when successful/unsuccessful logon attempts occur.DISA RedHat JBoss EAP 6.3 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

JUSX-DM-000043 - The Juniper SRX Services Gateway must generate log records when logon events occur.DISA Juniper SRX Services Gateway NDM v3r2Juniper

AUDIT AND ACCOUNTABILITY

Monterey - Configure System to Audit All Authorization and Authentication EventsNIST macOS Monterey v1.0.0 - 800-53r4 HighUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Authorization and Authentication EventsNIST macOS Monterey v1.0.0 - 800-53r5 ModerateUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Authorization and Authentication EventsNIST macOS Monterey v1.0.0 - All ProfilesUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Authorization and Authentication EventsNIST macOS Monterey v1.0.0 - 800-171Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Authorization and Authentication EventsNIST macOS Monterey v1.0.0 - 800-53r5 LowUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

PHTN-30-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.DISA STIG VMware vSphere 7.0 Photon OS v1r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

PHTN-40-000204 The Photon operating system must audit all account modifications.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

RHEL-06-000197 - The audit system must be configured to audit failed attempts to access files and programs - EPERMDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000199 - The audit system must be configured to audit successful file system mounts - auid>=500 32 bitDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000200 - The audit system must be configured to audit user deletions of files and programs - renameat 64 bitDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/insmod.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 32 bitDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 64 bitDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module 64 bitDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-07-030810 - The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY

RHEL-07-030820 - The Red Hat Enterprise Linux operating system must audit all uses of the init_module and finit_module syscalls.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-654250 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.DISA Red Hat Enterprise Linux 9 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

RHEL-09-654260 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog.DISA Red Hat Enterprise Linux 9 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

SOL-11.1-010120 - The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events.DISA STIG Solaris 11 X86 v3r1Unix

AUDIT AND ACCOUNTABILITY

SPLK-CL-000280 - Splunk Enterprise must be configured with a successful/unsuccessful logon attempts report.DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST APISplunk

AUDIT AND ACCOUNTABILITY

TCAT-AS-001560 - AccessLogValve must be configured for Catalina engine.DISA STIG Apache Tomcat Application Server 9 v3r1 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

UBTU-18-010202 - The Ubuntu operating system must generate audit records for the use and modification of faillog file.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010315 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010344 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010345 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010349 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010350 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010351 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010354 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010387 - The Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010391 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-20-010244 - The Ubuntu operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.DISA STIG Ubuntu 20.04 LTS v2r1Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-22-654235 - Ubuntu 22.04 LTS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.DISA STIG Canonical Ubuntu 22.04 LTS v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

WN11-00-000065 - Unused accounts must be disabled or removed from the system after 35 days of inactivity.DISA Windows 11 STIG v2r2Windows

AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

WN11-AU-000045 - The system must be configured to audit Detailed Tracking - PNP Activity successes.DISA Windows 11 STIG v2r2Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

WN11-AU-000050 - The system must be configured to audit Detailed Tracking - Process Creation successes.DISA Windows 11 STIG v2r2Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

WN12-AU-000002 - The system must be configured to audit Account Logon - Credential Validation failures.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000002 - The system must be configured to audit Account Logon - Credential Validation failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000053 - The system must be configured to audit Logon/Logoff - Special Logon successes.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000082 - The system must be configured to audit Object Access - Removable Storage failures.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000089 - The system must be configured to audit Policy Change - Authorization Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000103 - The system must be configured to audit System - IPsec Driver successes.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY