Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.3.11.12 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

3.1.19 Ensure 'debug_pretty_print' is enabled - debug_pretty_print is enabledCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.25 Ensure 'log_statement' is set correctly - log_statement is set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

4.3.3 Ensure sudo log file existsCIS Amazon Linux 2023 Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.4 Ensure 'Send connector: Configure protocol logging' is set to 'Verbose'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

AUDIT AND ACCOUNTABILITY

4.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsCIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

AUDIT AND ACCOUNTABILITY

5.2.3.1 Ensure changes to system administration scope (sudoers) is collectedCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.4 Ensure events that modify date and time information are collectedCIS Amazon Linux 2023 Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.21 Ensure the running and on disk configuration is the sameCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.6 (L1) Ensure 'Account Management Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.15 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.15 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.16 (L1) Ensure 'Detailed Tracking Audit PNP Activity' is set to include 'Success'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.16 (L1) Ensure 'Detailed Tracking Audit PNP Activity' is set to include 'Success'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.17 (L1) Ensure 'Detailed Tracking Audit Process Creation' is set to include 'Success'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.20 (L1) Ensure 'Object Access Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

5.25 (L1) Ensure 'System Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - /audit existsCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - /etc/security/audit/config updateCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - audit startupCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - auditclasses updateCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2.5 Ensure that Activity Log Alert exists for Create or Update Security SolutionCIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

AUDIT AND ACCOUNTABILITY

6.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall RuleCIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

AUDIT AND ACCOUNTABILITY

6.3.3.2 Ensure actions as another user are always loggedCIS AlmaLinux OS 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.4 Ensure events that modify date and time information are collectedCIS AlmaLinux OS 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.19 Ensure kernel module loading unloading and modification is collectedCIS AlmaLinux OS 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.21 Ensure the running and on disk configuration is the sameCIS AlmaLinux OS 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

17.1.3 (L1) Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

17.2.3 (L1) Ensure 'Audit Distribution Group Management' is set to include 'Success' (DC only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

17.2.6 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.3.1 (L1) Ensure 'Audit Process Creation' is set to include 'Success'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.3.2 (L1) Ensure 'Audit Process Creation' is set to include 'Success'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

AUDIT AND ACCOUNTABILITY

17.8.1 (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

AUDIT AND ACCOUNTABILITY

17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY

18.10.15.5 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY