| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1' | CIS Amazon Linux v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple OSX 10.11 El Capitan L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue.net | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - /var/log/lastlog | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/btmp | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - wtmp | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b64 EPERM | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - b64 delete | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected | CIS Oracle Linux 6 Server L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl b64 unlink | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl b64 unlink | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - b64 | CIS CentOS 6 Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - b64 unlink | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - b64 init_module/delete_module | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.1 Ensure journald is configured to send logs to rsyslog | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.12 init.ora - 'Specify redo logging must be successful.' | CIS Oracle 9/10 OS Audit L1 v2.01 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in web application) | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category config | CIS BIND DNS v3.0.0 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category dnssec | CIS BIND DNS v3.0.0 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category xfer-out | CIS BIND DNS v3.0.0 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - logging section | CIS BIND DNS v3.0.0 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.3.1 Centralized Logging and Reporting | CIS Fortigate Level 2 v1.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 17.3.1 Ensure 'Audit Process Creation' is set to 'Success' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.3.1 Ensure 'Audit Process Creation' is set to 'Success' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.3.1 Ensure 'Audit Process Creation' is set to 'Success' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.1 Ensure 'Audit File Share' is set to 'Success and Failure' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.2 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.2 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - *.err;kern.warning;auth.err;daemon.err | BSI-100-2 Red Hat Linux 2005 | Unix | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.344: Monitoring of Windows Vista, Windows 7 and Windows Server 2008 systems: Audit account management (Success, Failure) | BSI-100-2 Windows 2005 | Windows | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.344: Monitoring of Windows Vista, Windows 7 and Windows Server 2008 systems: Audit policy change (Success, Failure) | BSI-100-2 Windows 2005 | Windows | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.344: Monitoring of Windows Vista, Windows 7 and Windows Server 2008 systems: Audit privilege use (Failure) | BSI-100-2 Windows 2005 | Windows | AUDIT AND ACCOUNTABILITY |
| BSI-100-2: S 4.344: Monitoring of Windows Vista, Windows 7 and Windows Server 2008 systems: Audit process tracking (No auditing) | BSI-100-2 Windows 2005 | Windows | AUDIT AND ACCOUNTABILITY |
