Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Ensure Administrative accounts are separate and cloud-onlyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

ACCESS CONTROL

1.1.6.6 Ensure when the cloud recording is going to be permanently deleted from trash is set to enabledCIS Zoom L1 v1.0.0Zoom

CONFIGURATION MANAGEMENT

1.2.2.1 Ensure cloud recording is set to enabledCIS Zoom L1 v1.0.0Zoom

CONFIGURATION MANAGEMENT

1.9 Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly AccessibleCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure That Sinks Are Configured for All Log EntriesCIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

2.7.1 iCloud configurationCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix
2.7.1 iCloud configurationCIS Apple OSX 10.11 El Capitan L2 v1.1.0Unix
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC NetworksCIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

2.21.3 Ensure 'Block Signing into Office' is set to Enabled (None allowed)CIS Microsoft Office 2016 v1.1.0Windows

ACCESS CONTROL

3.1.1.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'CIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

RISK ASSESSMENT

3.2 Ensure Legacy Networks Do Not Exist for Older ProjectsCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.11.28.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

CONFIGURATION MANAGEMENT

4.6 Ensure that the REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION account parameter is set to trueCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

4.8 Ensure that the PREVENT_UNLOAD_TO_INLINE_URL account parameter is set to trueCIS Snowflake Foundations v1.0.0 L1Snowflake

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

5.5 Ensure alerts are enabled for malicious files detected by WildFireCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.5 Ensure alerts are enabled for malicious files detected by WildFireCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire'CIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire'CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

6.1.3 Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'CIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT

6.2.7 Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled)CIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.12.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled'CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain ControllerWindows

CONFIGURATION MANAGEMENT

18.10.12.2 Ensure 'Turn off cloud optimized content' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member ServerWindows

CONFIGURATION MANAGEMENT

18.10.42.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.42.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.42.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

CONFIGURATION MANAGEMENT

18.10.42.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.56.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.10.56.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.10.56.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

CONFIGURATION MANAGEMENT

18.10.56.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

AIOS-02-080004 - Apple iOS must not allow backup to remote systems (iCloud Keychain).AirWatch - DISA Apple iOS 10 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-18-003450 - Apple iOS/iPadOS 18 must not allow backup to remote systems (Cloud Photo Library) - Cloud Photo Library.AirWatch - DISA Apple iOS/iPadOS 18 v1r1MDM

SYSTEM AND COMMUNICATIONS PROTECTION

BIND-9X-001700 - On the BIND 9.x server a zone file must not include resource records that resolve to a fully qualified domain name residing in another zone.DISA BIND 9.x STIG v2r3Unix

CONFIGURATION MANAGEMENT

DTOO414 - Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.DISA STIG Microsoft Office System 2013 v2r2Windows

CONFIGURATION MANAGEMENT

KNOX-07-004900 - The Samsung must be configured to not allow backup to remote systems: Deselect Allow Google Backup.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

MS.AAD.2.1v1 - Users detected as high risk SHALL be blocked.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.3.1v1 - Phishing-resistant MFA SHALL be enforced for all users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

Turn off Microsoft consumer experiencesMSCT Windows 10 1909 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 v20H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 11 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 11 v23H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 11 v24H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 1903 v1.19.9Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 v21H1 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 v22H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 1803 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 10 v21H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off Microsoft consumer experiencesMSCT Windows 11 v22H2 v1.0.0Windows

CONFIGURATION MANAGEMENT