Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'CIS Oracle Server 18c Windows v1.1.0Windows

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'CIS SQL Server 2022 Database L1 OS v1.1.0Windows

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Ensure SQL Server is configured to use non-standard portsCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesCIS SQL Server 2017 Database L1 DB v1.3.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure Hit count is Enable for the rulesCIS Check Point Firewall L2 v1.1.0CheckPoint

SECURITY ASSESSMENT AND AUTHORIZATION

3.4.2.1 Ensure IPv6 default deny firewall policyCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.3 Ensure IPv6 outbound and established connections are configuredCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure firewalld is installed - iptablesCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.7 Ensure firewalld drops unnecessary services and portsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.4 Ensure iptables are flushed with nftables - ip6tablesCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.5 Ensure an nftables table existsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.7 Ensure nftables loopback traffic is configured - ip saddrCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.9 Ensure nftables default deny firewall policy - forwardCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.9 Ensure nftables default deny firewall policy - outputCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.10 Ensure nftables service is enabledCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.1 Ensure iptables packages are installed - iptables-servicesCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.1 Ensure iptables loopback traffic is configured - Chain OUTPUTCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.1 Ensure iptables loopback traffic is configured - Chain OUTPUTCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.5 Ensure iptables rules are savedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.6 Ensure iptables is enabled and running - enabledCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.1 Ensure ip6tables loopback traffic is configured - Chain OUTPUTCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.2 Ensure ip6tables outbound and established connections are configured - INPUTCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.4 Ensure ip6tables default deny firewall policyCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.5 Ensure ip6tables rules are savedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.2 Ensure default deny firewall policy - OUTPUTCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.4 Ensure outbound and established connections are configuredCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.1 Ensure that all Namespaces have Network Policies definedCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.2 Ensure that all Namespaces have Network Policies definedCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure SSH X11 forwarding is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.3 Ensure clusters are created with Private Endpoint Enabled and Public Access DisabledCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.4 Ensure clusters are created with Private NodesCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure routing tables for VPC peering are "least access"CIS Amazon Web Services Foundations v5.0.0 L2amazon_aws

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.2 Ensure use of VPC-native clustersCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access DisabledCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.5 Ensure clusters are created with Private NodesCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Ensure that incoming container traffic is bound to a specific host interfaceCIS Docker v1.7.0 L1 Docker - LinuxUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.21 Ensure that the host's UTS namespace is not sharedCIS Docker v1.7.0 L1 Docker - LinuxUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.14 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the InternetCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.14 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the InternetCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure that management plane traffic is separated from data plane trafficCIS Docker v1.7.0 L1 Docker SwarmUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'SQL Server Browser Service' is configured correctlyCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure that RDP access from the Internet is evaluated and restrictedCIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION