Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.7 Ensure kernel module loading and unloading is collected - modprobeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.12 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodatCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.12 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattrCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.12 Ensure discretionary access control permission modification events are collected - xattr (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - '/etc/group'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - '/etc/passwd'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.3.14 Ensure events that modify user/group information are collected - auditctl '/etc/passwd'CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.1.9 Ensure discretionary access control permission modification events are collectedCIS SUSE Linux Enterprise 15 Server L2 v1.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.8 Ensure that the kubeAPIQPS [--event-qps] argument is set to 0 or a level which ensures appropriate event captureCIS RedHat OpenShift Container Platform v1.6.0 L2OpenShift

AUDIT AND ACCOUNTABILITY

4.2.16 Ensure sshd MaxAuthTries is configuredCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3 Ensure sudo log file existsCIS Red Hat 6 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.1 Ensure changes to system administration scope (sudoers) is collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.2 Ensure actions as another user are always loggedCIS Rocky Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.2 Ensure actions as another user are always loggedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.2 Ensure actions as another user are always loggedCIS Oracle Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.3 Ensure events that modify the sudo log file are collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.4 Ensure events that modify date and time information are collectedCIS Rocky Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.4 Ensure events that modify date and time information are collectedCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.6 Ensure use of privileged commands are collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.7 Ensure unsuccessful file access attempts are collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.8 Ensure events that modify user/group information are collectedCIS Rocky Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.9 Ensure discretionary access control permission modification events are collectedCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.10 Ensure successful file system mounts are collectedCIS Rocky Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.13 Ensure file deletion events by users are collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.13 Ensure file deletion events by users are collectedCIS Oracle Linux 8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collectedCIS Rocky Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.19 Ensure kernel module loading unloading and modification is collectedCIS Rocky Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.19 Ensure kernel module loading unloading and modification is collectedCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.19 Ensure kernel module loading unloading and modification is collectedCIS Oracle Linux 8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.7 Ensure SSH MaxAuthTries is set to 4 or lessCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

AUDIT AND ACCOUNTABILITY

6.3.3.1 Ensure changes to system administration scope (sudoers) is collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.2 Ensure actions as another user are always loggedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.4 Ensure events that modify date and time information are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.4 Ensure events that modify date and time information are collectedCIS Rocky Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.8 Ensure events that modify user/group information are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.9 Ensure discretionary access control permission modification events are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.13 Ensure file deletion events by users are collectedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.14 Ensure events that modify the system's Mandatory Access Controls are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.21 Ensure the running and on disk configuration is the sameCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

17.4.1 (L1) Ensure 'Audit Directory Service Access' is set to include 'Failure' (DC only)CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

17.7.6 (L1) Ensure 'Audit Other Policy Change Events' is set to include 'Failure'CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'CIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

AUDIT AND ACCOUNTABILITY