Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configuredCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

2.5 Ensure proper SNMP configuration - 'community name private does not exist'CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure that the User-ID service account does not have interactive logon rightsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

2.7 Ensure Sever Header is Modified To Prevent Information DisclosureCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriatelyCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

4.4 Verify Active Directory group membership for the 'ESX Admins' groupCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

4.5 Restrict access to Tomcat temp directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.10 Restrict access to Tomcat context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.14 Restrict access to Tomcat web.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

5.2.3 Complex passwords must contain an Alphabetic Character - 'Policy Check'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix
5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix
5.2.7 Password AgeCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3 Ensure forwarding of decrypted content to WildFire is enabledCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.8 Disable automatic loginCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

5.10 Verify contents of exposed configuration filesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

6.1.3 Disable guest account loginCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

6.3 Mask and zone SAN resources appropriatelyCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
6.5 Ensure 'sslProtocol' is Configured Correctly for Secure ConnectorsCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the InternetCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilitiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing trafficCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources ExistsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.4 Ensure that logging is enabled on built-in default security policiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

7.5 Ensure pattern in context.xml is correctCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

8.2.1 Disconnect unauthorized devices - Floppy DevicesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

MEDIA PROTECTION

8.3.2 Minimize use of the VM consoleCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.4.2 Control VMsafe Agent AddressCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

8.4.3 Control VMsafe Agent PortCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

8.4.14 Disable Shell ActionCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.18 Disable UnityCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.6.3 Disable virtual disk wipingCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

10.3 Restrict manager applicationCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.5 Rename the manager application - webapps/managerCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.6 Enable strict servlet ComplianceCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

10.8 Do not allow additional path delimiters - ALLOW_BACKSLASHCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.11 Force SSL for all applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.13 Do not run applications as privilegedCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.17 Setting Security Lifecycle Listener - check for umask uncommented in startupCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.19 Ensure Manager Application Passwords are EncryptedCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Mac OSX 10.10 Yosemite is installedCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix