Item Search

Name	Audit Name	Plugin	Category
3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians' (sysctl.conf/sysctl.d)	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure auditing for processes that start prior to auditd is enabled - '/etc/default/grub'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - 'auditctl /etc/localtime'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - 'auditctl adjtimex'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - 'auditctl clock_settime (64-bit)'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - 'auditctl clock_settime (64-bit)'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - '/etc/gshadow'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - '/etc/security/opasswd'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - '/etc/shadow'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - 'auditctl group'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - 'auditctl passwd'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - 'auditctl shadow'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - '/etc/hosts'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - '/etc/issue.net'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - '/etc/sysconfig/network'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl issue.net'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl sethostname/setdomainname'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - 'sethostname/setdomainname'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - 'auditctl /usr/share/selinux/'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'auditctl EACCES (64-bit)'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'EACCES' (64-bit)	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.12 Ensure use of privileged commands is collected	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.13 Ensure successful file system mounts are collected - 'auditctl mounts (64-bit)'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.13 Ensure successful file system mounts are collected - 'mount' (64-bit)	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers'	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit'	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2 Enable FTP daemon Logging - Make sure that exec is set to /usr/sbin/in.ftpd -a -l -d	CIS Solaris 10 L1 v5.2	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - '.;mail.none;news.none -/var/log/messages'	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - '.=warning;.=err -/var/log/warn'	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages'	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages'	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - 'mail.err /var/log/mail.err'	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.2 Ensure logging is configured - 'news.crit -/var/log/news/news.crit'	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.2.2 Ensure logging is configured	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0	Unix	AUDIT AND ACCOUNTABILITY
5.1 Ensure that system activity is audited	CIS MongoDB 3.4 L1 Windows Audit v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
5.3 Ensure that logging captures as much information as possible	CIS MongoDB 3.2 L2 Unix Audit v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.3 Ensure that logging captures as much information as possible	CIS MongoDB 3.4 L2 Unix Audit v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.4 Ensure that new entries are appended to the end of the log file	CIS MongoDB 3.2 L2 Unix Audit v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.4 Ensure that new entries are appended to the end of the log file	CIS MongoDB 3.4 L2 Unix Audit v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
Log dropped packets - Private Profile	MSCT Windows 10 v1507 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Log dropped packets - Public Profile	MSCT Windows 10 v20H2 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Log successful connections - Public Profile	MSCT Windows 10 v20H2 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Windows Defender Firewall: Allow logging - LogDroppedPackets	MSCT Windows 10 v20H2 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Windows Defender Firewall: Allow logging - LogSuccessfulConnections	MSCT Windows 10 v20H2 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Windows Firewall: Allow logging - LogDroppedPackets - Domain Profile	MSCT Windows 10 v1507 v1.0.0	Windows	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search