Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabledCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1CIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1CIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1CIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1CIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1CIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.5 Set the ACL for each 'snmp-server community'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.7 Set 'snmp-server host' when using SNMPCIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3CIS Cisco IOS 15 L2 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.4 Set 'seconds' for 'ip ssh timeout'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.2 Set 'no cdp run'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Set 'no service dhcp'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Set 'no service dhcp' - dhcp poolCIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.5 Set 'no ip identd'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Set 'service tcp-keepalives-in'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1 Ensure only SNMPv3 is enabledCIS Fortigate 7.0.x v1.3.0 L2FortiGate

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 (L1) Ensure dvfilter API is not configured if not usedCIS VMware ESXi 7.0 v1.4.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure dvfilter API is not configured if not usedCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Ensure packet redirect sending is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure that MongoDB only listens for network connections on authorized interfacesCIS MongoDB 3.6 L1 Windows Audit v1.1.0Windows

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure that MongoDB only listens for network connections on authorized interfacesCIS MongoDB 3.6 L1 Unix Audit v1.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.4 Ensure that the --read-only-port is disabledCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0CIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.3 Set 'key-string'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.6 Set 'authentication key-chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.2 Set 'ip ospf message-digest-key md5'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.1 Set 'key chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.1 Ensure that the kube-proxy metrics service is bound to localhostCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure HTTP Request Methods Are RestrictedCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure HTTP Request Methods Are Restricted - allowCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure HTTP Request Methods Are Restricted - denyCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteEngine = on'CIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf RewriteCond = %{THE_REQUEST} !HTTP/1.1$'CIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteEngine on'CIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - Rewrite module not loadedCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - rewrite_moduleCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - RewriteCondCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - RewriteRuleCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - VirtualHost RewriteOptionsCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure that MongoDB uses a non-default portCIS MongoDB 3.6 L1 Unix Audit v1.1.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure that MongoDB uses a non-default portCIS MongoDB 3.6 L1 Windows Audit v1.1.0Windows

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

9.12 Ensure that 'Remote debugging' is set to 'Off'CIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

10.10 Configure maxHttpHeaderSizeCIS Apache Tomcat 9 L2 v1.2.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

10.10 Configure maxHttpHeaderSizeCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION