Item Search

Name	Audit Name	Plugin	Category
1.10.6 Ensure 'logging with timestamps' is enabled	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	AUDIT AND ACCOUNTABILITY
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	AUDIT AND ACCOUNTABILITY
2.2.8 Set 'login success/failure logging'	CIS Cisco IOS XE 17.x v2.2.1 L1	Cisco	AUDIT AND ACCOUNTABILITY
3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)	CIS IBM DB2 11 v1.1.0 Linux OS Level 1	Unix	AUDIT AND ACCOUNTABILITY
3.2.2 Ensure that the audit policy covers key security concerns	CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master	Unix	AUDIT AND ACCOUNTABILITY
4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose'	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected	CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl /etc/localtime	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.2 Ensure system administrator command executions (sudo) are collected - 64 bit	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected	CIS Amazon Linux 2 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.9 Ensure file deletion events by users are collected	CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.12 Ensure discretionary access control permission modification events are collected	CIS Amazon Linux 2 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.14 Ensure events that modify user/group information are collected	CIS Amazon Linux 2 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.15 Ensure all uses of the passwd command are audited.	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.23 Ensure audit ssh-keysign command.	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.24 Ensure audit of crontab command	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.25 Ensure audit of kmod command	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.27 Ensure audit of unlink syscall	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.28 Ensure audit unlinkat syscall	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.30 Ensure audit of the finit_module syscall	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.38 Ensure audit of the su command	CIS Amazon Linux 2 STIG v2.0.0 STIG	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 clock_settime	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 adjtimex	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 clock_settime	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify date and time information are collected - auditctl time-change	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - /etc/passwd	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwd	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure discretionary access control permission modification events are collected - b32 setxattr	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1	Unix	AUDIT AND ACCOUNTABILITY
5.3.9 Ensure SSH MaxAuthTries is set to 4 or less	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'	CIS SQL Server 2016 Database L1 AWS RDS v1.4.0	MS_SQLDB	AUDIT AND ACCOUNTABILITY
5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'	CIS SQL Server 2022 Database L1 AWS RDS v1.1.0	MS_SQLDB	AUDIT AND ACCOUNTABILITY
6.3 Ensure 'log_warnings' is Set to '2'	CIS MariaDB 10.6 Database L2 v1.1.0	MySQLDB	AUDIT AND ACCOUNTABILITY
7.1 Application specific logging	CIS Apache Tomcat 10 L2 v1.1.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application	CIS Apache Tomcat 9 L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default	CIS Apache Tomcat 10 L1 v1.1.0	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default	CIS Apache Tomcat 10 L1 v1.1.0	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default	CIS Apache Tomcat 9 L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production	CIS Apache Tomcat 10 L1 v1.1.0	Unix	AUDIT AND ACCOUNTABILITY
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search