Item Search

Name	Audit Name	Plugin	Category
1.1.16 Ensure that the --audit-log-path argument is set as appropriate	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1	Unix	AUDIT AND ACCOUNTABILITY
2.2 Ensure the Log Config Module Is Enabled	CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware	Unix
2.3 Ensure the logging level is set to 'info' - daemon.json	CIS Docker v1.3.1 L1 Docker Linux	Unix
2.3 Ensure the logging level is set to 'info' - dockerd	CIS Docker v1.3.1 L1 Docker Linux	Unix
2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1	Windows
4.1.2 Ensure auditd service is enabled	CIS Distribution Independent Linux Server L2 v1.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure auditing for processes that start prior to auditd is enabled - /boot/grub/grub.conf	CIS Distribution Independent Linux Server L2 v1.1.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.1 Ensure rsyslog Service is enabled	CIS Distribution Independent Linux Workstation L1 v1.1.0	Unix	CONFIGURATION MANAGEMENT
4.2.2.2 Ensure logging is configured	CIS Amazon Linux v2.1.0 L1	Unix	AUDIT AND ACCOUNTABILITY
6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf <VirtualHost> ErrorLog is configured'	CIS Apache HTTP Server 2.4 L1 v2.0.0	Unix
6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'	CIS Apache HTTP Server 2.4 L1 v1.5.0	Unix
6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf LogFormat is configured'	CIS Apache HTTP Server 2.4 L1 v2.0.0	Unix
6.3 Ensure the Server Access Log Is Configured Correctly - CustomLog'	CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware	Unix
8.2 Configure a Logging File Channel - category security	CIS BIND DNS v3.0.1 Authoritative Name Server	Unix	AUDIT AND ACCOUNTABILITY
8.2 Configure a Logging File Channel - category xfer-in	CIS BIND DNS v3.0.1 Caching Only Name Server	Unix	AUDIT AND ACCOUNTABILITY
9.1.5 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1	Windows
9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log'	CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker	Windows
9.1.7 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1	Windows
9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1	Windows
9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker	Windows
9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1	Windows
9.2.8 Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1	Windows
9.3.9 (L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1	Windows
9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2016 DC L1 v1.3.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + NG	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2016 MS L1 v1.3.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0	Windows
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + BL + NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L2 + NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 NG	Windows
18.9.46.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 NG	Windows
18.9.78.1 Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L2 + BL + NG	Windows
18.9.78.1 Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG	Windows
18.9.78.1 Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG	Windows
18.9.78.1 Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG	Windows
18.9.78.1 Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 NG	Windows

Detections

Analytics

Item Search