CSCv7|6.6

Title

Deploy SIEM or Log Analytic tool

Description

Deploy Security Information and Event Management (SIEM) or log analytic tool for log correlation and analysis.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.7 Ensure logging data is monitored	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
1.7 Ensure logging data is monitored	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 16 L1 v1.1.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 16 L1 v1.1.2
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 16 L1 v2.0.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 17 L1 v1.0.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 15 L1 v4.1.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 16 L1 v1.1.1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 17 L1 v2.0.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
2.12 Ensure centralized and remote logging is configured	Unix	CIS Docker v1.2.0 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured	Unix	CIS Docker v1.3.1 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured	Unix	CIS Docker v1.5.0 L2 Docker Linux
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Debian 9 Workstation L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Debian 8 Server L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Debian 8 Workstation L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Debian 9 Server L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Fedora 28 Family Linux Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS CentOS Linux 8 Server L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS AlmaLinux OS 8 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS CentOS 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Oracle Linux 8 Server L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Red Hat 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Oracle Linux 8 Workstation L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Oracle Linux 8 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Oracle Linux 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Red Hat EL8 Workstation L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS CentOS Linux 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS AlmaLinux OS 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Red Hat EL8 Server L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS Debian 10 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host	Unix	CIS CentOS Linux 8 Workstation L1 v1.0.1

Detections

Analytics

CSCv7|6.6

Title

Description

Reference Item Details

Audit Items