Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.3.1 Ensure events that modify date and time information are collected - /etc/localtimeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.1 Ensure events that modify date and time information are collected - adjtimex (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.1 Ensure events that modify date and time information are collected - adjtimex (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.2 Ensure system administrator command executions (sudo) are collected - 64 bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collectedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collectedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - 64-bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - 64-bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - auditctlCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - auditctl (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - auditctl (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.7 Ensure kernel module loading and unloading is collected - auditctl rmmodCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.7 Ensure kernel module loading and unloading is collected - rmmodCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.9 Ensure file deletion events by users are collected - 64-bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCESCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - '/etc/gshadow'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - auditctl '/etc/group'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - auditctl '/etc/gshadow'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 adjtimexCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 adjtimexCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules time-changeCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadowCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwdCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.6 Ensure events that modify the system's Mandatory Access Controls are collectedCIS SUSE Linux Enterprise 12 v3.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d/CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.9 Ensure discretionary access control permission modification events are collectedCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchownCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b32 chmod fchmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b64 chmod fchmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b64 chown fchownCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERMCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.12 Ensure use of privileged commands is collectedCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure file deletion events by users are collectedCIS SUSE Linux Enterprise 12 v3.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl b32CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl b64CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure system administrator actions (sudolog) are collectedCIS SUSE Linux Enterprise 12 v3.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.16 Ensure system administrator actions (sudolog) are collectedCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

5.1.16 Ensure sshd MaxAuthTries is configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.16 Ensure sshd MaxAuthTries is configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.3 Ensure events that modify the sudo log file are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.10 Ensure successful file system mounts are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.13 Ensure file deletion events by users are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY