Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA)CIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND INFORMATION INTEGRITY

1.5.6 Ensure NIST FIPS-validated cryptography is configured - installedCIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.7 Ensure DNS is servers are configured - empty resolvCIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

1.7.1.7 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured - sshd_configCIS Amazon Linux 2 STIG v1.0.0 L3Unix

ACCESS CONTROL

2.1.4 Ensure TFTP daemon is configured to operate in secure mode.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

2.2.2.3 Ensure GNOME Screensaver period of inactivity is configured.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

ACCESS CONTROL

2.2.2.9 Ensure session idle-delay settings is enforcedCIS Amazon Linux 2 STIG v1.0.0 L3Unix

ACCESS CONTROL

2.2.26 Ensure ldap_tls_cacert is set for LDAP - configCIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

2.2.26 Ensure ldap_tls_cacert is set for LDAP - fileCIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

2.2.28 Ensure ldap_tls_reqcert is set for LDAPCIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.2.31 Ensure noexec option is configured for NFS.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

3.1.1.3 Configure EIGRP log-adjacency-changesCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3.1 Set Interfaces with no Peers to Passive-InterfaceCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

4.1.2.13 Ensure audit of kmod commandCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.1.2.19 Ensure audit of semanage commandCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.1.2.22 Ensure audit of setfiles commandCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.1.2.25 Ensure audit of the mount command and syscallCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.1.20 Ensure the auditing processing failures are handled.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.8 Enure off-load of audit logs - pathCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

5.2.22 Ensure only FIPS 140-2 ciphers are used for SSHCIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.2.27 Ensure SSH does not permit GSSAPICIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

5.2.33 Ensure no 'shosts.equiv' files exist on the system.CIS Amazon Linux 2 STIG v1.0.0 L3Unix
5.3.11 Ensure system-auth is used when changing passwordsCIS Amazon Linux 2 STIG v1.0.0 L3Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.10 Ensure delay between logon prompts on failureCIS Amazon Linux 2 STIG v1.0.0 L3Unix

ACCESS CONTROL

5.4.9 Ensure there are no unnecessary accountsCIS Amazon Linux 2 STIG v1.0.0 L3Unix

ACCESS CONTROL

6.2.21 Ensure that all files and directories contained in local interactive user home directories are owned by the userCIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

6.2.26 Ensure local interactive users' 'dot' files executable paths resolve to the users home directory.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

6.2.29 Ensure users' files and directories within the home directory permissions are 750 or more restrictiveCIS Amazon Linux 2 STIG v1.0.0 L3Unix

CONFIGURATION MANAGEMENT

7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT)CIS VMware ESXi 6.7 v1.3.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT)CIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

20.1 Ensure 'Accounts require passwords' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

AMLS-NM-000500 - The Arista Multilayer Switch must be updated to one of the minimum approved versions of EOS.DISA STIG Arista MLS DCS-7000 Series NDM v1r4Arista

CONFIGURATION MANAGEMENT

Auditing and loggingArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-EG-000190 - The Exchange Sender Reputation filter must be enabled.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000380 - The Exchange Sender Reputation filter must be enabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND INFORMATION INTEGRITY

HP ProCurve - 'Disable SNMPv2'TNS HP ProCurveHPProCurve

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

HP ProCurve - 'Disable Telnet'TNS HP ProCurveHPProCurve

CONFIGURATION MANAGEMENT

HP ProCurve - 'Enable ARP protection'TNS HP ProCurveHPProCurve

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000140 - The Juniper EX switch must be configured to enable Dynamic Address Resolution Protocol (ARP) Inspection (DAI) on all user VLANs.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Local password complexity - password minimum-lengthArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Maximum Validity Period (h)Tenable Cisco ACICisco_ACI

ACCESS CONTROL

Policies - Pod - Date and Time Policy - Administrative StateTenable Cisco ACICisco_ACI
Syslog - Console Destination - Admin StateTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

vNetwork : upstream-bpdu-stpVMWare vSphere 5.X Hardening GuideVMware
Web Token Timeout (s)Tenable Cisco ACICisco_ACI

ACCESS CONTROL