Detections
Analytics

Item Search

NameAudit NamePluginCategory
Audit Account LockoutMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Authentication Policy ChangeMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Account Management EventsMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Logon/Logoff EventsMSCT Windows 10 1809 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Logon/Logoff EventsMSCT Windows 10 1909 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Logon/Logoff EventsMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows 10 v1507 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows 10 1809 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows 10 v20H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows Server v20H2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Removable StorageMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Removable StorageMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security Group ManagementMSCT Windows 10 v1507 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security Group ManagementMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security System ExtensionMSCT Windows 10 1903 v1.19.9Windows

AUDIT AND ACCOUNTABILITY

Audit Security System ExtensionMSCT Windows Server v20H2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server v20H2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows 10 v1507 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows 10 v20H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows Server v2004 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit System IntegrityMSCT Windows 10 1809 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit System IntegrityMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit System IntegrityMSCT Windows Server v20H2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit User Account ManagementMSCT Windows 10 v1507 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit User Account ManagementMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit User Account ManagementMSCT Windows Server v2004 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure discretionary access control permission modification events are collected - auditctl b64 setxattrTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure discretionary access control permission modification events are collected - b64 chown fchownTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify the system's network environment are collected - auditctl /etc/issueTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify the system's network environment are collected - auditctl b64 sethostnameTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify user/group information are collected - auditctl /etc/security/opasswdTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify user/group information are collected - auditctl /etc/shadowTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure kernel module loading and unloading is collected - rmmodTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure successful file system mounts are collected - b32Tenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERMTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Log dropped packets - Private ProfileMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Log dropped packets - Public ProfileMSCT Windows 10 1909 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Log dropped packets - PublicProfileMSCT Windows 10 1803 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Log successful connections - DomainProfileMSCT Windows 10 1803 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Log successful connections - Public ProfileMSCT Windows 10 1903 v1.19.9Windows

AUDIT AND ACCOUNTABILITY

Log successful connections - Public ProfileMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Logs containing auditing information should be secured at the directory level.TNS IBM HTTP Server Best PracticeUnix

AUDIT AND ACCOUNTABILITY

Windows Defender Firewall: Allow logging - LogDroppedPacketsMSCT Windows 10 v21H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Windows Defender Firewall: Allow logging - LogDroppedPackets - Domain ProfileMSCT Windows 10 1809 v1.0.0Windows

AUDIT AND ACCOUNTABILITY