Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4.1.3 Ensure known default accounts do not existCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not existCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not existCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.8 SSH Strong Algorithm - c) Disable encryption aes128-cbcTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - j) Disable diffie-hellman group1-sha1Tenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - d) renegotiateTenable ZTE ROSNGZTE_ROSNG

CONFIGURATION MANAGEMENT

1.13 Ensure 'Smart Lock' is set to DisabledAirWatch - CIS Google Android 7 v1.0.0 L2MDM

CONFIGURATION MANAGEMENT

2.1 Protection Policy for the CPS Control EngineTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.4 Audit Security Keys Used With Apple AccountsCIS Apple macOS 14.0 Sonoma v3.0.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

2.1.1.4 Audit Security Keys Used With Apple AccountsCIS Apple macOS 26 Tahoe v1.0.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

2.1.1.4 Audit Security Keys Used With Apple AccountsCIS Apple macOS 13.0 Ventura v4.0.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

2.1.1.4 Audit Security Keys Used With Apple AccountsCIS Apple macOS 15.0 Sequoia v2.0.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

3.1.14 Ensure the correct SQL statements generating errors are recordedCIS PostgreSQL 9.5 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2.1 Review use of the guest user in databasesCIS Sybase 15.0 L2 DB v1.1.0SybaseDB
3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.4 Rebuild the images to include security patchesCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.4 Rebuild the images to include security patchesCIS Docker 1.6 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and EnabledCIS Apache HTTP Server 2.4 v2.3.0 L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active RulesCIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active RulesCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly ThresholdCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia LevelCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia LevelCIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.8 Extensible Firmware Interface (EFI) passwordCIS Apple OSX 10.11 El Capitan L2 v1.1.0Unix
Ensure known default accounts do not existTenable Cisco Firepower Best Practices AuditCisco

IDENTIFICATION AND AUTHENTICATION

Ensure known default accounts do not exist - cmd_execTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

ACCESS CONTROL

EX13-EG-000095 - Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-EG-000100 - Exchange Outbound Connection Limit per Domain Count must be controlled.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000225 - The Exchange Outbound Connection Limit per Domain Count must be controlled.DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000230 - The Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000190 - Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000200 - Exchange Outbound Connection Limit per Domain Count must be controlled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000270 - Exchange Receive connector Maximum Hop Count must be 60.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-MB-000450 - The Exchange Outbound Connection Limit per Domain Count must be controlled.DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-MB-000460 - The Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-ED-000110 - Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-ED-000111 - Exchange Outbound Connection limit per Domain Count must be controlled.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-ED-000137 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND INFORMATION INTEGRITY

EX19-MB-000131 - The Exchange Outbound Connection Limit per Domain Count must be controlled.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-MB-000132 - The Exchange Outbound Connection Timeout must be 10 minutes or less.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-AG-000057 - The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log.DISA Juniper SRX Services Gateway ALG v3r3Juniper

AUDIT AND ACCOUNTABILITY

JUSX-AG-000063 - In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally.DISA Juniper SRX Services Gateway ALG v3r3Juniper

AUDIT AND ACCOUNTABILITY

JUSX-DM-000061 - In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.DISA Juniper SRX Services Gateway NDM v3r3Juniper

ACCESS CONTROL, CONFIGURATION MANAGEMENT

O19C-00-010800 - The Oracle Database data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.DISA Oracle Database 19c STIG v1r3 OracleDBOracleDB

CONFIGURATION MANAGEMENT

VCPF-70-000033 - Performance Charts must set the secure flag for cookies.DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-70-000030 - The Security Token Service must set the secure flag for cookies.DISA STIG VMware vSphere 7.0 STS Tomcat v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

CONFIGURATION MANAGEMENT

WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

CONFIGURATION MANAGEMENT