800-53|SI-4(2)

Title

AUTOMATED TOOLS FOR REAL-TIME ANALYSIS

Description

The organization employs automated tools to support near real-time analysis of events.

Supplemental

Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.6.3 Configure Netflow on Strategic PortsCiscoCIS Cisco NX-OS L2 v1.1.0
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
2.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
2.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
2.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
2.2.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
2.4.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 12.0 Monterey v3.1.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.2 Ensure Firewall Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
3.3.2 Configure Storm ControlCiscoCIS Cisco NX-OS L2 v1.1.0
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categoriesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categoriesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is loggedPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is loggedPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data ObjectPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data ObjectPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0