CSCv6|6.6

Title

Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis.

Description

Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis. Using the SIEM tool, system administrators and security personnel should devise profiles of common events from given systems so that they can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items


Name | Plugin | Audit Name
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.0.1
2.12 Ensure centralized and remote logging is configured | Unix | CIS Docker Community Edition v1.1.0 L2 Docker
2.12 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.2.0 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.3.1 L2 Docker Linux
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Server L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Workstation L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Workstation L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | Huawei EulerOS 2 Workstation L1 v1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Server L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Server L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | Huawei EulerOS 2 Server L1 v1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf | Unix | CIS Amazon Linux v2.1.0 L1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Server L1 v3.0.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v1.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v1.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0