Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.2.3 Ensure system is disabled when audit logs are fullCIS Fedora 28 Family Linux Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = haltCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify the system's network environment are collected - /etc/issueCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue.netCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/networkCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hostsCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issueCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netCIS Oracle Linux 6 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/networkCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/networkCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - auditctl b64 sethostnameCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostnameCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostnameCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.2.1.1 Ensure rsyslog is installedCIS Fedora 19 Family Linux Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configuredCIS Debian 9 Workstation L1 v1.0.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Fedora 19 Family Linux Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure logging is configuredCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.1 Ensure systemd-journal-remote is installedCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure journald service is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.4 Ensure journald is configured to write logfiles to persistent diskCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.6 Ensure journald log rotation is configured per site policyCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.14 Ensure sshd LogLevel is configuredCIS Oracle Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.1.1 Ensure rsyslog is installedCIS Oracle Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.1.1.1 Ensure systemd-journal-remote is installedCIS Debian 10 Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.1.1 Ensure systemd-journal-remote is installedCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.1.2 Ensure systemd-journal-remote is configuredCIS Debian 10 Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.1.2 Ensure rsyslog service is enabledCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1.2 Ensure systemd-journal-remote is configuredCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Oracle Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Oracle Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.2.2 Ensure journald service is enabledCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.2.4 Ensure journald is configured to write logfiles to persistent diskCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.2.3 Ensure system is disabled when audit logs are fullCIS CentOS Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.2.3 Ensure system is disabled when audit logs are fullCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.1.1.1 Ensure journald service is enabled and activeCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.1 Ensure systemd-journal-remote is installedCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.1.3 Ensure journald log file rotation is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian Linux 12 v1.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.4.2.3 Ensure system is disabled when audit logs are fullCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

AUDIT AND ACCOUNTABILITY

17.6.1 Ensure 'Audit Detailed File Share' is set to include 'Failure'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

35.6 (L1) Ensure 'Enable Domain Network Firewall: Log File Path' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY