Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

17.2.5 (L1) Ensure 'Audit Security Group Management' is set to include 'Success'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.2.6 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.5.4 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.5.6 (L1) Ensure 'Audit Special Logon' is set to include 'Success'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

18.1.2.2 (L1) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.4.5 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.5.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.10.8.1 (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

MEDIA PROTECTION

18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

MEDIA PROTECTION

18.10.9.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.10.15.2 (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL

18.10.16.1 (L1) Ensure 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.10.26.1.1 (L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

18.10.26.2.2 (L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

18.10.26.3.2 (L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

18.10.43.6.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configuredCIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Access this computer from the networkMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Accounts: Limit local account use of blank passwords to console logon onlyMSCT Windows Server v20H2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Allow active scriptingMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Allow Basic authentication - Service - AllowBasicMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Audit Kerberos Authentication ServiceMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit LogonMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Logon/Logoff EventsMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other Object Access EventsMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security State ChangeMSCT Windows Server v20H2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Automatic prompting for file downloads - Internet ZoneMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Network access: Restrict anonymous access to Named Pipes and SharesMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Network security: Allow LocalSystem NULL session fallbackMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Perform volume maintenance tasksMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Remote host allows delegation of non-exportable credentialsMSCT Windows Server 2019 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Reset account lockout counter afterMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Restore files and directoriesMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Specify the maximum log file size (KB) - ApplicationMSCT Windows Server 2019 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)MSCT Windows Server 2019 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off the Security Settings Check featureMSCT Windows Server 2019 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn on SmartScreen Filter scan - Restricted Sites ZoneMSCT Windows Server 2019 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Turn On Virtualization Based Security - LsaCfgFlagsMSCT Windows Server 2019 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY