Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.1.2.3 Ensure audit system is set to single when the disk is full.CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.6 Ensure audit system action is defined for sending errorsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.8 Ensure audit logs are stored on a different system.CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.9 Ensure audit logs on separate system are encrypted.CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs - directionCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs - pathCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs - typeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.12 Ensure action is taken when audisp-remote buffer is fullCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.13 Ensure off-loaded audit logs are labeled.CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.7 Enable use of the au-remote pluginCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.8 Ensure off-load of audit logs - directionCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.8 Enure off-load of audit logs - pathCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.8 Enure off-load of audit logs - typeCIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.10 Ensure off-loaded audit logs are labeled.CIS Amazon Linux 2 STIG v1.0.0 L3Unix

AUDIT AND ACCOUNTABILITY

4.10 init.ora - 'Establish redundant physically separate locations for redo log files.'CIS v1.1.0 Oracle 11g OS Windows Level 1Windows

AUDIT AND ACCOUNTABILITY

4.10 init.ora - 'Establish redundant physically separate locations for redo log files.'CIS v1.1.0 Oracle 11g OS L1Unix

AUDIT AND ACCOUNTABILITY

4.11 init.ora - 'Specify redo logging must be successful.'CIS v1.1.0 Oracle 11g OS Windows Level 1Windows

AUDIT AND ACCOUNTABILITY

20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

AUDIT AND ACCOUNTABILITY

20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

ALMA-09-052160 - AlmaLinux OS 9 audispd-plugins package must be installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052270 - AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server.DISA CloudLinux AlmaLinux OS 9 STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052490 - AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-053040 - AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

Auditing and logging - serverArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

Big Sur - Off-Load Audit RecordsNIST macOS Big Sur v1.4.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

Catalina - Off-Load Audit RecordsNIST macOS Catalina v1.5.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

Ensure 'syslog hosts' is configured correctlyTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

AUDIT AND ACCOUNTABILITY

EPAS-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.EnterpriseDB PostgreSQL Advanced Server DB v2r1PostgreSQLDB

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS'IBM System i Security Reference for V7R2AS/400

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS'IBM System i Security Reference for V7R1 and V6R1AS/400

AUDIT AND ACCOUNTABILITY

JUEX-NM-000600 - The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.DISA Juniper EX Series Network Device Management v2r2Juniper

AUDIT AND ACCOUNTABILITY

Logging: capture level is set to at least infoTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

AUDIT AND ACCOUNTABILITY

Logging: Use an external syslog hostTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

AUDIT AND ACCOUNTABILITY

MD7X-00-012400 MongoDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for standalone systems.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

Monterey - Off-Load Audit RecordsNIST macOS Monterey v1.0.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited.DISA Oracle Linux 8 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030700 - OL 8 must take appropriate action when the internal event queue is full.DISA Oracle Linux 8 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-653130 - RHEL 9 audispd-plugins package must be installed.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

AUDIT AND ACCOUNTABILITY

SPLK-CL-000150 - Splunk Enterprise must be configured to offload log records onto a different system or media than the system being audited.DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST APISplunk

AUDIT AND ACCOUNTABILITY

SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

AUDIT AND ACCOUNTABILITY

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enableDISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

AUDIT AND ACCOUNTABILITY

Syslog Remote Destination - HostTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

AUDIT AND ACCOUNTABILITY

VCSA-80-000148 - The vCenter Server must be configured to send logs to a central log server.DISA VMware vSphere 8.0 vCenter STIG v2r2VMware

AUDIT AND ACCOUNTABILITY

VCST-80-000081 The vCenter STS service must offload log records onto a different system or media from the system being logged.DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

VCUI-80-000081 The vCenter UI service must offload log records onto a different system or media from the system being logged.DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

WN22-AU-000010 - Windows Server 2022 audit records must be backed up to a different system or media than the system being audited.DISA Microsoft Windows Server 2022 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY