Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.15 Ensure that the admission control plugin PodSecurityPolicy is setCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.25 Ensure that the --service-account-lookup argument is set to trueCIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

2.1 Ensure that authentication is enabled for Cassandra databasesCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0Unix

ACCESS CONTROL

2.1 Ensure that authentication is enabled for Cassandra databasesCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0Unix

ACCESS CONTROL

2.2 Ensure that authorization is enabled for Cassandra databasesCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0Unix

ACCESS CONTROL

2.2 Ensure that authorization is enabled for Cassandra databasesCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0Unix

ACCESS CONTROL

3.2.1 (L1) Ensure DLP policies are enabledCIS Microsoft 365 Foundations v4.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.1 (L1) Ensure DLP policies are enabledCIS Microsoft 365 Foundations v4.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.2 (L1) Ensure DLP policies are enabled for Microsoft TeamsCIS Microsoft 365 Foundations v4.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.3 Restrict Query OriginsCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

ACCESS CONTROL

3.3 Restrict Query OriginsCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

ACCESS CONTROL

4.1.5 Ensure that Service Account Tokens are only mounted where necessaryCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1GCP

CONFIGURATION MANAGEMENT

4.1.5 Ensure that Service Account Tokens are only mounted where necessaryCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

4.2.7 Ensure that the --make-iptables-util-chains argument is set to trueCIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.8 Make use of default rolesCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

ACCESS CONTROL

6.2.2 (L1) Host must ensure all datastores have unique namesCIS VMware ESXi 8.0 v1.1.0 L1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

6.2.10 Ensure 'JAVA_ADMIN' Is Revoked From Unauthorized 'GRANTEE'CIS Oracle Database 23ai v1.0.0 L1 RDBMSOracleDB

ACCESS CONTROL, MEDIA PROTECTION

7.6 (L1) Virtual machines must limit console sharing.CIS VMware ESXi 8.0 v1.1.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'CIS Apache HTTP Server 2.2 L1 v3.6.0Unix

ACCESS CONTROL

8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'CIS Apache HTTP Server 2.2 L2 v3.6.0Unix

ACCESS CONTROL

8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'CIS Apache HTTP Server 2.2 L1 v3.6.0 MiddlewareUnix

ACCESS CONTROL

8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'CIS Apache HTTP Server 2.4 v2.2.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage servicesCIS Microsoft 365 Foundations v4.0.0 L2 E3microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage servicesCIS Microsoft 365 Foundations v4.0.0 L2 E5microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

8.1.1 (L2) Ensure only one remote console connection is permitted to a VM at any timeCIS VMware ESXi 7.0 v1.4.0 L2VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.1.2 Ensure only one remote console connection is permitted to a VM at any timeCIS VMware ESXi 6.7 v1.3.0 Level 2VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

10.1 Ensure SELinux Is Enabled in Enforcing Mode - config fileCIS BIND DNS v1.0.0 L2 Authoritative Name ServerUnix

ACCESS CONTROL

10.1 Ensure SELinux Is Enabled in Enforcing Mode - config fileCIS BIND DNS v1.0.0 L2 Caching Only Name ServerUnix

ACCESS CONTROL

10.1 Ensure SELinux Is Enabled in Enforcing Mode - current modeCIS BIND DNS v1.0.0 L2 Authoritative Name ServerUnix

ACCESS CONTROL

10.1 Ensure SELinux Is Enabled in Enforcing Mode - current modeCIS BIND DNS v1.0.0 L2 Caching Only Name ServerUnix

ACCESS CONTROL

11.1 Ensure SELinux Is Enabled in Enforcing ModeCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

ACCESS CONTROL

11.1 Ensure SELinux Is Enabled in Enforcing ModeCIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix

ACCESS CONTROL

11.1 Ensure SELinux Is Enabled in Enforcing ModeCIS Apache HTTP Server 2.4 v2.2.0 L2Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION