Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.2 Configure IP Blocking on Failed LoginsCIS Cisco NX-OS L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CIS Cisco IOS 12 L1 v4.0.0Cisco

ACCESS CONTROL

1.3.2 Set the 'banner-text' for 'banner login'CIS Cisco IOS 12 L1 v4.0.0Cisco

ACCESS CONTROL

1.3.3 Set the 'banner-text' for 'banner motd'CIS Cisco IOS 12 L1 v4.0.0Cisco

ACCESS CONTROL

1.5.1 Set 'no snmp-server' to disable SNMP when unusedCIS Cisco IOS 12 L1 v4.0.0Cisco

SYSTEM AND INFORMATION INTEGRITY

3.1.4 Set 'ip verify unicast source reachable-via'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure 'debug' is turned off - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.1 Set 'key chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.2 Set 'key'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.5 Set 'af-interface default'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.8 Set 'ip authentication key-chain eigrp'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.5 Set 'ip rip authentication mode' to 'md5'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.4.1 Set 'neighbor password'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

20.12 Ensure 'Administrative accounts can not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

20.12 Ensure 'Administrative accounts can not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

Account Management - Review disabled user accountsTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

ACCESS CONTROL

Account Management - Review disabled user accountsTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Configure an IPsec TunnelTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Configure IPsec Tunnel Parameters - cipher-suiteTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Content of Audit Records - Configure disk logging - file rotateTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

AUDIT AND ACCOUNTABILITY

Content of Audit Records - Configure disk logging - file rotateTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

AUDIT AND ACCOUNTABILITY

Content of Audit Records - Configure remote syslog - priority levelTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

AUDIT AND ACCOUNTABILITY

Enable IKE Version 1/2 - cipher-suiteTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'Tenable Cisco Firepower Best Practices AuditCisco

ACCESS CONTROL

Ensure 'EIGRP authentication' is enabledTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'HTTP session timeout' is less than or equal to '5' minutesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'Image Authenticity' is correctTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND INFORMATION INTEGRITY

Ensure 'SNMP traps' is enabled - authenticationTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkdownTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkupTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'TLS 1.0' is set for HTTPS accessTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure email logging is configured for critical to emergencyTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure packet fragments are restricted for untrusted interfacesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Event Logging - Configure remote syslog - serverTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

AUDIT AND ACCOUNTABILITY

Identification and Authentication - Use out of band authentication - AAA - audit loggingTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

IDENTIFICATION AND AUTHENTICATION

Identification and Authentication - Use out of band authentication - Admin Authentication OrderTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

IDENTIFICATION AND AUTHENTICATION

JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstopsDISA STIG Juniper Router RTR v3r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Secure Name/address Resolution Service - Configure DNS servers - PrimaryTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Secure Name/address Resolution Service - Configure DNS servers - PrimaryTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Secure Name/address Resolution Service - Configure DNS servers - SecondaryTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Session Termination - Configure Idle CLI timeoutTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

ACCESS CONTROL

SQL2-00-000400 - SQL Server must maintain and support organization-defined security labels on information in process.DISA STIG SQL Server 2012 Database Audit v1r20MS_SQLDB

ACCESS CONTROL

SQL4-00-032000 - When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in process.DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

ACCESS CONTROL

System Backup - Enable Backups - pathTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

CONTINGENCY PLANNING

System Use Notification - Banner LoginTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Time Stamps - Enable NTP - remote serverTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

AUDIT AND ACCOUNTABILITY