Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.4.1.4 Ensure 'Disable user name and password' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.9 Ensure 'Object Caching Protection' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.19 Ensure that the --token-auth-file parameter is not setCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.32 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.4.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - ca-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.2 Ensure that the --client-cert-auth argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.7 Ensure that the --wal-dir argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.8 Benchmark v1.2.0 L2Unix
2.1.1 Ensure that the --allow-privileged argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.1.3.2.2 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1.3.2.3 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1.3.2.4 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.5 Ensure that the --read-only-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.14 Ensure that the RotateKubeletClientCertificate argument is not set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.6 Ensure that the proxy kubeconfig file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.3.10.7 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths is configuredCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL

2.3.10.7 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths is configuredCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL

2.3.10.7 Ensure 'Network access: Remotely accessible registry paths'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.11.8.3.1 Ensure 'Hidden text' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.11.8.7.2.1.9 Ensure 'Word XP binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.11.8.7.2.2.4 Ensure 'Set document behavior if file validation fails' is set to 'Unchecked: Do not allow edit'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.11.8.7.2.6 Ensure 'Dynamic Data Exchange' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.11.8.7.2.7 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.5 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.6 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.9 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.1.16 Ensure that the --service-account-lookup argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.3 Ensure that MongoDB is run using a non-privileged, dedicated service accountCIS MongoDB 6 v1.2.0 L1 MongoDBWindows

ACCESS CONTROL

4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption)CIS MongoDB 6 v1.2.0 L1 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Federal Information Processing Standard (FIPS) is enabledCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure that logging captures as much information as possibleCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

AUDIT AND ACCOUNTABILITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

AUDIT AND ACCOUNTABILITY

7.1 Ensure appropriate key file permissions are setCIS MongoDB 6 v1.2.0 L1 MongoDBWindows

IDENTIFICATION AND AUTHENTICATION

18.10.43.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY