CSCv7|6.3

Title

Enable Detailed Logging

Description

Enable system logging to include detailed information such as a event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Maintain current contact details	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.3.1 L1 Linux Host OS
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.5.0 L1 Linux Host OS
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.15 Ensure that the --audit-log-path argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.15 Ensure that the --audit-log-path argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.2.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.2.0 L1 Linux Host OS
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.21 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.22 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.22 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.22 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.22 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3.3 Ensure sudo log file exists	Unix	CIS CentOS Linux 8 Server L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS AlmaLinux OS 8 Workstation L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS Fedora 28 Family Linux Server L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS Fedora 28 Family Linux Workstation L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.3.3 Ensure sudo log file exists	Unix	CIS Oracle Linux 8 Server L1 v1.0.1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.3 Ensure sudo log file exists	Unix	CIS Red Hat EL7 Server L1 v3.0.1
1.3.3 Ensure sudo log file exists	Unix	CIS Red Hat EL7 Workstation L1 v3.0.1
1.3.3 Ensure sudo log file exists	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.10.5 Ensure 'logging history severity level' is set to greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5'	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.6 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.7 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.9 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.10 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0

Detections

Analytics

CSCv7|6.3

Title

Description

Reference Item Details

Audit Items