Detections
Analytics

Item Search

NameAudit NamePluginCategory
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLCIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

RISK ASSESSMENT

18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Windows 7 Workstation Level 2 v3.2.0Windows

ACCESS CONTROL

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Windows Server 2012 MS L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Windows Server 2012 R2 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2019 v4.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

23.1 (L1) Ensure 'DO Download Mode' is NOT set to 'HTTP blended with Internet Peering'CIS Microsoft Intune for Windows 10 v4.0.0 L1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

IIST-SV-000117 - The IIS 10.0 web server must not perform user management for hosted applications.DISA IIS 10.0 Server v3r3Windows

CONFIGURATION MANAGEMENT

MD7X-00-004400 MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

MD7X-00-009100 When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

SYSTEM AND INFORMATION INTEGRITY

Salesforce.com : AuthConfig - 'Auth Providers = Facebook'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Consumer Key'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Key'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Secret'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Token Issuer'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Consumer Secret'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Default Scope'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - No SSO Auth Providers have been configuredTNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : CronTrigger - 'Cron Jobs with Status of BLOCKED'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : Email Services - 'AddressInactiveAction != 2'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : Email Services - 'FunctionInactiveAction != 2'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : Monitoring Login History - 'Inactive System Administrators'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Setting Password Policies - 'Minimum 1 day password lifetime'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Password Policies - 'Obscure secret answer for password resets = true'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Password Policies - 'passwords expire >= 90'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Session Security - 'Enable clickjack protection for non-setup Salesforce pages = true'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

SYSTEM AND COMMUNICATIONS PROTECTION

Salesforce.com : Setting Session Security - 'Review Apex Mobile User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Call Center Auto-Login Users'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Chatter Answers Users'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Offline User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Salesforce Knowledge Users'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : User Access - 'No new users have been created since the last scan'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

SPLK-CL-000180 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST APISplunk

AUDIT AND ACCOUNTABILITY

WDNS-SC-000014 - The Windows DNS secondary servers must request data origin authentication verification from the primary server when requesting name/address resolution.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-AD-000005-DC - Domain created Active Directory Organizational Unit (OU) objects must have proper access control permissions.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

ACCESS CONTROL