Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.5.1 Ensure 'ASDM banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.2 Ensure 'EXEC banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.11.3 Ensure 'snmp-server host' is set to 'version 3'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.11.4 Ensure 'SNMP traps' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.11.5 Ensure 'SNMP community string' is not the default stringCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2.2 If Possible, Limit the BGP Routes Accepted from PeersCIS Cisco NX-OS L2 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.all.accept_source_routeCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.default.accept_source_routeCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirectsCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.default.accept_redirectsCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.all.secure_redirectsCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.default.secure_redirectsCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.5 Ensure broadcast ICMP requests are ignored - sysctl execCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.5 Ensure broadcast ICMP requests are ignored - sysctl.conf/sysctl.dCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.6 Ensure bogus ICMP responses are ignored - sysctl execCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.all.rp_filterCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.default.rp_filterCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.8 Ensure TCP SYN Cookies is enabled - sysctl execCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.8 Ensure TCP SYN Cookies is enabled - sysctl.conf/sysctl.dCIS Google Container-Optimized OS L1 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.all.accept_raCIS Google Container-Optimized OS L2 Server v1.1.0Unix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2 Configure CDPCIS Cisco NX-OS L2 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Ensure DOS protection is enabled for untrusted interfacesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ensure Default Network Access Rule for Storage Accounts is Set to DenyCIS Microsoft Azure Foundations v2.1.0 L1microsoft_azure

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure ActiveX filtering is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ensure Java applet filtering is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.6.4 The default namespace should not be usedCIS Google Kubernetes Engine (GKE) v1.5.0 L2GCP

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Ensure to disable unused services in BIG-IP configurationCIS F5 Networks v1.0.0 L1F5

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.7.4 The default namespace should not be usedCIS Kubernetes v1.24 Benchmark v1.0.0 L2 MasterUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.7.4 The default namespace should not be usedCIS Kubernetes Benchmark v1.9.0 L2 MasterUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure minimum SNMP version is set to V3 for agent accessCIS F5 Networks v1.0.0 L1F5

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

8.7 Ensure that Private Endpoints are Used for Azure Key VaultCIS Microsoft Azure Foundations v2.1.0 L2microsoft_azure

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

EC2: DescribeAccountAttributes - 'default VPC'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeAccountAttributes - 'supported platforms'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstances - 'Review list of current VPCs and their platforms'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstances - 'Review list of current VPCs and their status'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstances - 'Verify the architecture of instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

EC2: DescribeInstanceStatus - 'Review instances with impaired system status'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review instances with impared instance status'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review instances with insufficient-data instance status'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review instances with insufficient-data system status'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review pending instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review shutting down instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review status of instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review stopped instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeInstanceStatus - 'Review terminated instances'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

EC2: DescribeVpcs - 'Review the current VPC list'Tenable AWS Best Practice Auditamazon_aws

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION