Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.1 Restrict Access to VTY SessionsCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY

2.4.2 Ensure all the login accounts having specific trusted hosts enabledCIS Fortigate 7.0.x v1.3.0 L1FortiGate

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-53r4 HighUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-53r5 ModerateUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - CNSSI 1253Unix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-171Unix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-53r5 LowUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - All ProfilesUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-53r4 ModerateUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Catalina - Configure Gatekeeper to Disallow End User OverrideNIST macOS Catalina v1.5.0 - 800-53r5 HighUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP).DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

SYSTEM AND INFORMATION INTEGRITY

GEN000000-AIX00060 - A baseline of AIX files with the TCB bit set must be checked weekly.DISA STIG AIX 5.3 v1r2Unix

SYSTEM AND INFORMATION INTEGRITY

GEN000000-AIX00060 - A baseline of AIX files with the TCB bit set must be checked weekly.DISA STIG AIX 6.1 v1r14Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006570 - The file integrity tool must be configured to verify ACLs.DISA STIG AIX 6.1 v1r14Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006570 - The file integrity tool must be configured to verify ACLs.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

SYSTEM AND INFORMATION INTEGRITY

GEN006570 - The file integrity tool must be configured to verify ACLs.DISA STIG for Oracle Linux 5 v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006571 - The file integrity tool must be configured to verify extended attributes.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

SYSTEM AND INFORMATION INTEGRITY

GEN006571 - The file integrity tool must be configured to verify extended attributes.DISA STIG AIX 6.1 v1r14Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006571 - The file integrity tool must be configured to verify extended attributes.DISA STIG for Oracle Linux 5 v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.DISA STIG AIX 6.1 v1r14Unix

SYSTEM AND INFORMATION INTEGRITY

GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

SYSTEM AND INFORMATION INTEGRITY

GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.DISA STIG for Oracle Linux 5 v2r1Unix

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.1v1 - Only administrators SHALL be allowed to register applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.2v1 - Only administrators SHALL be allowed to consent to applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.3v1 - An admin consent workflow SHALL be configured for applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.4v1 - Group owners SHALL NOT be allowed to consent to applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.1v1 - A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.2v1 - Privileged users SHALL be provisioned with finer-grained roles instead of Global Administrator.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.4v1 - Permanent active role assignments SHALL NOT be allowed for highly privileged roles.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.6v1 - Activation of the Global Administrator role SHALL require approval.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.7v1 - Eligible and Active highly privileged role assignments SHALL trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.8v1 - User activation of the Global Administrator role SHALL trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.9v1 - User activation of other highly privileged roles SHOULD trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.8.2v1 - Only users with the Guest Inviter role SHOULD be able to invite guest users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.3.1v1 - Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.5.1v1 - At a minimum, the alerts required by the CISA M365 Security Configuration Baseline for Exchange Online SHALL be enabled.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.5.2v1 - The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.6.2v1 - Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.6.3v1 - Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.3v1 - The DMARC point of contact for aggregate reports SHALL include `[email protected]`.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.4v1 - An agency point of contact SHOULD be included for aggregate and failure reports.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.16.2v1 - The alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.3v1 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.4.1v1 - Teams email integration SHALL be disabled.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.7.2v1 - Users SHOULD be prevented from opening or downloading files detected as malware.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.8.1v1 - URL comparison with a blocklist SHOULD be enabled.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.8.2v1 - User click tracking SHOULD be enabled.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

O121-C2-019600 - The system must verify there have not been unauthorized changes to the DBMS software and information.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

SYSTEM AND INFORMATION INTEGRITY

SQL2-00-015350 - Software, applications, and configuration files that are part of, or related to, the SQL Server 2012 installation must be monitored to discover unauthorized changes.DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

SQL2-00-015355 - Software, applications, and configuration files that are part of, or related to, the SQL Server 2012 installation must be audited.DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

SYSTEM AND INFORMATION INTEGRITY