Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grantsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.1.11 Ensure the spoofed domains report is reviewed weeklyCIS Microsoft 365 Foundations E5 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

2.1.12 Ensure the 'Restricted entities' report is reviewed weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

2.1.13 Ensure malware trends are reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

2.2 Ensure monitoring and alerting exist for MANAGE GRANTS privilege grantsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.3 Ensure monitoring and alerting exist for password sign-ins of SSO usersCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.3.1 Ensure the Account Provisioning Activity report is reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

2.3.2 Ensure non-global administrator role group assignments are reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

2.4 Ensure monitoring and alerting exist for password sign-in without MFACIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrationsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.6 Ensure monitoring and alerting exist for changes to network policies and associated objectsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.7 Ensure monitoring and alerting exist for SCIM token creationCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.8 Ensure monitoring and alerting exists for new share exposuresCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.9 Ensure monitoring and alerting exists for sessions from unsupported Snowflake Connector for Python and JDBC and ODBC driversCIS Snowflake Foundations v1.0.0 L2Snowflake

AUDIT AND ACCOUNTABILITY

3.1.2 Ensure user role group changes are reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2 Ensure CloudTrail log file validation is enabledCIS Amazon Web Services Foundations v4.0.1 L2amazon_aws

AUDIT AND ACCOUNTABILITY

3.7 Ensure proxies pass source IP information - X-Real-IPCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

3.7 Ensure proxies pass source IP information - X-Real-IPCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

AUDIT AND ACCOUNTABILITY

5.1.5.1 Ensure the Application Usage report is reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

5.2.4.2 Ensure the self-service password reset activity report is reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

5.2.6.1 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weeklyCIS Microsoft 365 Foundations E5 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

6.4.1 Ensure mail forwarding rules are reviewed at least weeklyCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

Big Sur - Audit Record Reduction and Report Generation - processingNIST macOS Big Sur v1.4.0 - 800-53r4 HighUnix

AUDIT AND ACCOUNTABILITY

Big Sur - Audit Record Reduction and Report Generation - processingNIST macOS Big Sur v1.4.0 - 800-53r5 ModerateUnix

AUDIT AND ACCOUNTABILITY

Big Sur - Audit Record Reduction and Report Generation - processingNIST macOS Big Sur v1.4.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

Big Sur - Audit Record Reduction and Report Generation - processingNIST macOS Big Sur v1.4.0 - 800-53r5 HighUnix

AUDIT AND ACCOUNTABILITY

Catalina - Audit Record Reduction and Report Generation - processingNIST macOS Catalina v1.5.0 - 800-53r5 ModerateUnix

AUDIT AND ACCOUNTABILITY

Catalina - Audit Record Reduction and Report Generation - processingNIST macOS Catalina v1.5.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

Catalina - Audit Record Reduction and Report Generation - processingNIST macOS Catalina v1.5.0 - 800-53r4 HighUnix

AUDIT AND ACCOUNTABILITY

Catalina - Audit Record Reduction and Report Generation - processingNIST macOS Catalina v1.5.0 - 800-53r5 HighUnix

AUDIT AND ACCOUNTABILITY

Monterey - Audit Record Reduction and Report Generation - processingNIST macOS Monterey v1.0.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

Monterey - Audit Record Reduction and Report Generation - processingNIST macOS Monterey v1.0.0 - 800-53r5 ModerateUnix

AUDIT AND ACCOUNTABILITY

Monterey - Audit Record Reduction and Report Generation - processingNIST macOS Monterey v1.0.0 - 800-53r4 HighUnix

AUDIT AND ACCOUNTABILITY

Monterey - Audit Record Reduction and Report Generation - processingNIST macOS Monterey v1.0.0 - 800-53r5 HighUnix

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 105'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 109'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 110'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 111'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 113'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 116'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 118'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 128'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 130'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 131'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 135'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 170'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 171'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 172'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 173'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 177'DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

AUDIT AND ACCOUNTABILITY