Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.5.1.1 Set 'Windows Firewall: Domain: Display a notification' to 'Yes (default)'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.5.2.6 Set 'Windows Firewall: Private: Display a notification' to 'Yes (default)'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.5.3.5 Set 'Windows Firewall: Public: Display a notification' to 'No'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 - TCP/IP Tuning - 'ipsrcrouteforward = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.10 - TCP/IP Tuning - 'bcastping = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.15 - TCP/IP Tuning - 'tcp_tcpsecure = 7'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Allow Docker to make changes to iptablesCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.msg.en_US is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Ensure IP forwarding is disabled - sysctlCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all sendCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - sysctl ipv4 default acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Restrict Query Origins 'local'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Restrict Query Origins 'mynets'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 default secureCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl ipv4 all rp_filterCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.6 ipignoreredirectsCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.13 nonlocsrcrouteCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ignore erroneous or unwanted traffic 'Multicast'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_ignore_redirect' is set to 1 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_respond_to_timestamp_broadcast' is set to 0 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_respond_to_timestamp' is set to 0 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'tcp_conn_req_max_q0' is set to 4096 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'tcp_extra_priv_ports_add' is set to 6112 in /etc/init.d/netconfig (Solaris 7, 8 or later)CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Additional network parameter - If Firewall/Gateway, Check 'ip_strict_dst_multihoming' = 1 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Additional network parameter - If Firewall/Gateway, Check 'ip6_strict_dst_multihoming' = 1 in /etc/init.d/netconfig (Solaris 8 or later)CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure FTP Logon attempt restrictions is enabled - Deny By Failure EnabledCIS IIS 8.0 v1.5.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (192.0.0.0/24)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (198.18.0.0/15)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi.firewall-restrict-accessVMWare vSphere 6.5 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode-StandardSwitchVMWare vSphere 6.5 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION