Item Search

Name	Audit Name	Plugin	Category
2.2.29 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
2.2.30 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*'	CIS Red Hat 6 Workstation L1 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /sbin/sysctl'	CIS Oracle Linux 6 Server L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /sbin/sysctl'	CIS Oracle Linux 6 Workstation L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*'	CIS Oracle Linux 6 Workstation L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /sbin/sysctl'	CIS Oracle Linux 6 Workstation L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /sbin/sysctl'	CIS Red Hat 6 Server L1 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.3 Ensure auditd service is enabled	CIS Oracle Linux 6 Server L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.4 Ensure auditing for processes that start prior to auditd is enabled	CIS Oracle Linux 6 Server L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.17 Ensure the audit configuration is immutable	CIS Oracle Linux 6 Workstation L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.2 Ensure auditing for processes that start prior to auditd is enabled	CIS Oracle Linux 7 v4.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure audit_backlog_limit is sufficient	CIS Amazon Linux 2023 Server L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure audit_backlog_limit is sufficient	CIS Amazon Linux 2 v3.0.0 L2	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure audit_backlog_limit is sufficient	CIS Rocky Linux 8 Server L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure audit_backlog_limit is sufficient	CIS Red Hat EL8 Server L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure auditing for processes that start prior to auditd is enabled	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.1.3 Ensure auditing for processes that start prior to auditd is enabled	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded	CIS Oracle Linux 7 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded	CIS Rocky Linux 8 Workstation L2 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded	CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded	CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded	CIS Amazon Linux 2 v3.0.0 L2	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded	CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded	CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded	CIS AlmaLinux OS 8 Workstation L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded	CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded	CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded	CIS Red Hat EL8 Server L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
6.1 Ensure 'log_error' is configured correctly	CIS MySQL 5.7 Community Database L1 v2.0.0	MySQLDB	AUDIT AND ACCOUNTABILITY
6.1 Ensure 'log_error' Is Not Empty	CIS MySQL 5.6 Enterprise Database L1 v2.0.0	MySQLDB	AUDIT AND ACCOUNTABILITY
6.1.2 Ensure the 'ROLE' Audit Option Is Enabled	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.1.6 Ensure the 'PUBLIC DATABASE LINK' Audit Option Is Enabled	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.1.14 Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is Enabled	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is Enabled	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.1.17 Ensure the 'TRIGGER' Audit Option Is Enabled	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.9 Ensure the 'CREATE PROFILE' Action Audit Is Enabled	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.14 Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.22 Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.3.1.2 Ensure auditing for processes that start prior to auditd is enabled	CIS AlmaLinux OS 9 v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.3.1.2 Ensure auditing for processes that start prior to auditd is enabled	CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.3.1.3 Ensure auditing for processes that start prior to auditd is enabled	CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collected	CIS Rocky Linux 9 v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collected	CIS Oracle Linux 9 v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collected	CIS Rocky Linux 9 v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collected	CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.8 Ensure the Audit Plugin Can't be Unloaded	CIS MySQL 5.7 Enterprise Database L1 v2.0.0	MySQLDB	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search