Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configuredCIS Microsoft 365 Foundations v5.0.0 L2 E5microsoft_azure

SYSTEM AND INFORMATION INTEGRITY

6.1 Ensure that MongoDB uses a non-default portCIS MongoDB 7 v1.1.0 L1 MongoDBUnix

CONFIGURATION MANAGEMENT

6.1 Ensure that MongoDB uses a non-default portCIS MongoDB 6 v1.2.0 L1 MongoDBWindows

CONFIGURATION MANAGEMENT

6.1 Ensure that MongoDB uses a non-default portCIS MongoDB 6 v1.2.0 L1 MongoDBUnix

CONFIGURATION MANAGEMENT

6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

RISK ASSESSMENT

6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

9.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On'CIS Microsoft Azure Foundations v4.0.0 L2microsoft_azure

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

9.12 Set 'Turn off Crash Detection' to 'Enabled'CIS IE 10 v1.1.0Windows

CONFIGURATION MANAGEMENT

DTAM054 - McAfee VirusScan On-Demand scan must be configured to find unknown program threats.DISA McAfee VirusScan 8.8 Managed Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM054 - McAfee VirusScan On-Demand scan must be configured to find unknown program threats.DISA McAfee VirusScan 8.8 Local Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM104 - McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown unwanted programs and trojans.DISA McAfee VirusScan 8.8 Managed Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM104 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown unwanted programs and trojans.DISA McAfee VirusScan 8.8 Local Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM105 - McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown macro viruses.DISA McAfee VirusScan 8.8 Managed Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM105 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown macro viruses.DISA McAfee VirusScan 8.8 Local Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

FireEye - A scheduled system backup job is configuredTNS FireEyeFireEye

CONTINGENCY PLANNING

FireEye - AAA failed logins are trackedTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA lockout settings apply to the 'admin' userTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA lockouts are enabledTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA lockouts occur after at most 5 failuresTNS FireEyeFireEye
FireEye - AAA user mapping defaultTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Boot image must be signedTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - CLI commands do not hide any settings from administratorsTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Configuration auditing logs the required number of changesTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Local logging retention configurationTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Management interface is only accessible from specific IP rangesTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - NTP client is synchronizedTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - NTP client uses a custom serverTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - NTP is enabledTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Reports are run on a scheduleTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - SNMP is enabledTNS FireEyeFireEye
FireEye - SNMP traps use a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP v3 users have passwordsTNS FireEyeFireEye

ACCESS CONTROL

FireEye - SNMP v3 uses AES instead of DESTNS FireEyeFireEye

ACCESS CONTROL

FireEye - SNMP v3 uses SHA instead of MD5TNS FireEyeFireEye

ACCESS CONTROL

FireEye - System events are emailed to administratorsTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - The appliance uses a trusted DNS serverTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Time zone selectionTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - User connections are limited by subnet or VLANTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Web users are logged out after 20 minutes of inactivity or lessTNS FireEyeFireEye

ACCESS CONTROL

FireEye - YARA rules are enabledTNS FireEyeFireEye

SECURITY ASSESSMENT AND AUTHORIZATION

JUSX-IP-000011 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

ACCESS CONTROL

JUSX-IP-000013 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

ACCESS CONTROL

SonicWALL - SSL Control - Certs - Untrusted CATNS SonicWALL v5.9SonicWALL

SYSTEM AND INFORMATION INTEGRITY

SonicWALL - SSL Control - Detect Self-signed certsTNS SonicWALL v5.9SonicWALL

SYSTEM AND INFORMATION INTEGRITY

SonicWALL - SSL Control - Detect Weak Ciphers (<64 bits)TNS SonicWALL v5.9SonicWALL

SYSTEM AND INFORMATION INTEGRITY

SonicWALL - SSL Control - Enable BlacklistTNS SonicWALL v5.9SonicWALL

SYSTEM AND INFORMATION INTEGRITY