Item Search

Name	Audit Name	Plugin	Category
1.1.4.30 Set 'Bypass traverse checking' to 'Users, NETWORK SERVICE, LOCAL SERVICE, Administrators'	CIS Windows 8 L1 v1.0.0	Windows	ACCESS CONTROL
1.1.4.31 Set 'Increase a process working set' to 'Administrators, Local Service'	CIS Windows 8 L1 v1.0.0	Windows	ACCESS CONTROL
2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.6 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.6 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.10 (L1) Ensure 'Back up files and directories' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.10 (L1) Ensure 'Back up files and directories' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.11 (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.14 (L1) Ensure 'Create a token object' is set to 'No One'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.15 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.15 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.17 (L1) Ensure 'Create symbolic links' is set to 'Administrators' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.18 (L1) Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.22 (L1) Ensure 'Deny log on as a batch job' to include 'Guests'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.23 (L1) Ensure 'Deny log on locally' to include 'Guests'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.24 (L1) Ensure 'Deny log on locally' to include 'Guests'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.24 (L1) Ensure 'Deny log on locally' to include 'Guests'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.31 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.32 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS' (MS only)	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.32 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.33 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.33 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.37 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' and (when Exchange is running in the environment) 'Exchange Servers' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.37 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' and (when Exchange is running in the environment) 'Exchange Servers' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.38 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.40 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.40 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.41 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.43 (L1) Ensure 'Shut down the system' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.46 (L1) Ensure 'Shut down the system' is set to 'Administrators'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.7 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG	Windows	ACCESS CONTROL
2.3.10.7 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL	Windows	ACCESS CONTROL
2.3.10.8 (L1) Configure 'Network access: Remotely accessible registry paths' is configured	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.10.9 (L1) Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.10.9 (L1) Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
Create a pagefile	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Enable computer and user accounts to be trusted for delegation	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Load and unload device drivers	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Manage auditing and security log	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Modify firmware environment values	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Take ownership of files or other objects	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL

Detections

Analytics

Item Search