| 1.1.14 Ensure that the --audit-log-path argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file contents | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Ensure auditing is configured for Docker files and directories - docker.service | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.9 Ensure auditing is configured for Docker files and directories - docker.socket | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.10 Ensure that the --audit-log-path argument is set as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category config | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category dnssec | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category network | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| Audit Account Lockout | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Account Lockout | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Account Lockout | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Audit Policy Change | MSCT Windows Server 1903 MS v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Audit Policy Change | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Authentication Policy Change | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Computer Account Management | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Logon/Logoff Events | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other System Events | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows 10 1809 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Special Logon | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Special Logon | MSCT Windows 10 1809 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - auditctl b32 setxattr | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify date and time information are collected - audit.rules b64 adjtimex | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - /etc/issue | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - b64 sethostname | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - auditctl /etc/passwd | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure SSH LogLevel is set to INFO | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EPERM | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure use of privileged commands is collected | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Log dropped packets - Private Profile | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Log dropped packets - Private Profile | MSCT Windows 10 1809 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Log dropped packets - Public Profile | MSCT Windows 10 1809 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Log successful connections - PrivateProfile | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Log successful connections - PublicProfile | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Windows Defender Firewall: Allow logging - LogSuccessfulConnections | MSCT Windows 10 v21H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Windows Firewall: Allow logging - LogDroppedPackets - Domain Profile | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
