CSCv7|8.6

Title

Centralize Anti-malware Logging

Description

Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
18.9.45.8.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.9.45.8.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.9.45.8.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
18.9.45.8.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.9.45.8.3 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.45.8.3 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
18.9.76.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
18.9.76.14 (L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
18.9.77.15 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL

Detections

Analytics

CSCv7|8.6

Title

Description

Reference Item Details

Audit Items