Detections
Analytics

CSCv6|6.4

Title

Have security personnel and/or system administrators run biweekly reports that identify anomalies in logs.

Description

Have security personnel and/or system administrators run biweekly reports that identify anomalies in logs. They should then actively review the anomalies, documenting their findings.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + NG
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1
3.7 Ensure proxies pass source IP informationUnixCIS NGINX Benchmark v1.0.0 L1 Loadbalancer
3.7 Ensure proxies pass source IP informationUnixCIS NGINX Benchmark v1.0.0 L1 Proxy
3.7 Ensure proxies pass source IP information - X-Real-IPUnixCIS NGINX Benchmark v1.0.0 L1 Loadbalancer
3.7 Ensure proxies pass source IP information - X-Real-IPUnixCIS NGINX Benchmark v1.0.0 L1 Proxy
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to trueUnixCIS Apache Tomcat 9 L1 v1.0.0
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to trueUnixCIS Apache Tomcat 8 L1 v1.1.0
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to trueUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to trueUnixCIS Apache Tomcat 9 L1 v1.0.0 Middleware