Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.10.1 Ensure 'logging' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

2.2 Ensure the Log Config Module Is EnabledCIS Apache HTTP Server 2.2 L1 v3.6.0Unix

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED'CIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED'CIS Oracle Server 18c DB Traditional Auditing v1.1.0OracleDB

AUDIT AND ACCOUNTABILITY

2.16 Ensure Logging is enabled for HTTP(S) Load BalancerCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

3.1.1 (L1) Ensure Microsoft 365 audit log search is EnabledCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.3.4 Ensure suspicious packets are logged - 'sysctl net.ipv4.conf.default.log_martians'CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.1.1 Ensure auditd is installed - auditCIS CentOS 6 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2 Ensure auditd service is enabledCIS Aliyun Linux 2 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.6 Ensure audit system action is defined for sending errorsCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.10 Ensure the auditing processing failures are handled.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS CentOS 6 Server L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog Service is enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1 Ensure syslog-ng service is enabledCIS Debian 9 Server L1 v1.0.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.3 Ensure journald is configured to write logfiles to persistent diskCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.3 Ensure journald is configured to write logfiles to persistent diskCIS Distribution Independent Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event captureCIS Kubernetes v1.23 Benchmark v1.0.1 L2 WorkerUnix

AUDIT AND ACCOUNTABILITY

4.2.9 Ensure that the eventRecordQPS argument is set to a level which ensures appropriate event captureCIS Kubernetes v1.24 Benchmark v1.0.0 L2 WorkerUnix

AUDIT AND ACCOUNTABILITY

5.2.2 Ensure sudo log file is activeCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recordedCIS Debian 10 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Debian 10 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Debian 10 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.3.27 Ensure Printlastlog is enabledCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

5.4.8 Ensure date and time of last successful logonCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

6.1 Ensure 'log_error' is configured correctlyCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

AUDIT AND ACCOUNTABILITY

6.1 Ensure 'log_error' is configured correctlyCIS MariaDB 10.6 Database L1 v1.1.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'ErrorLog is configured'CIS Apache HTTP Server 2.2 L2 v3.6.0Unix

AUDIT AND ACCOUNTABILITY

6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf <VirtualHost> ErrorLog is configured'CIS Apache HTTP Server 2.2 L1 v3.6.0Unix

AUDIT AND ACCOUNTABILITY

6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'CIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY

6.1.1 Configuring syslog - local logging - *.info/auth.none in /etc/syslog.confCIS IBM AIX 7.1 L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.1.1 Ensure the 'USER' Audit Option Is EnabledCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.2 Ensure the 'ROLE' Audit Option Is EnabledCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.5 Ensure the 'DATABASE LINK' Audit Option Is EnabledCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.6 Ensure the 'PUBLIC DATABASE LINK' Audit Option Is EnabledCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.15 Ensure the 'PROCEDURE' Audit Option Is EnabledCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.1.3 Ensure auditing for processes that start prior to auditd is enabledCIS Debian Linux 12 v1.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.26 Ensure the 'DROP TRIGGER' Action Audit Is EnabledCIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

AUDIT AND ACCOUNTABILITY

6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'CIS Apache HTTP Server 2.2 L2 v3.6.0Unix

AUDIT AND ACCOUNTABILITY

6.4.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.5 Ensure the Audit Plugin Can't be UnloadedCIS MariaDB 10.6 Database L1 v1.1.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.8 Ensure the Audit Plugin Can't be UnloadedCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

AUDIT AND ACCOUNTABILITY

9.2 Configure a Logging File Channel - category xfer-inCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

AUDIT AND ACCOUNTABILITY

18.10.44.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY