Detections
Analytics

CSCv6|6.5

Title

Configure network boundary devices, including firewalls, network-based IPS, and inbound and outbound proxies, to verbosely log all traffic (both allowed and blocked) arriving at the device.

Description

Configure network boundary devices, including firewalls, network-based IPS, and inbound and outbound proxies, to verbosely log all traffic (both allowed and blocked) arriving at the device.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.1 Syslog logging should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.1 Syslog logging should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.1 Syslog logging should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.1 Syslog logging should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.1 Syslog logging should be configured - systemPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.1 Syslog logging should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
2.2 Ensure that WMI probing is disabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.2 Ensure that WMI probing is disabledPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'log group is configured'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'log group is configured'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'LogWatch Log Delivery'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'LogWatch Log Delivery'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L2 1.3.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L2 1.3.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'subscription exists'amazon_awsCIS Amazon Web Services Foundations L1 1.4.0