Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.2.1 (L1) Ensure emergency access account activity is monitoredCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY

2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrationsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

3.1.1 (L1) Ensure Microsoft 365 audit log search is EnabledCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabledCIS PostgreSQL 17 v1.0.0 L1 PostgreSQLPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.7 Ensure proxies pass source IP information - X-Real-IPCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

4.1 Create CIS Audit ClassCIS Oracle Solaris 11.4 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.1.1 Ensure auditd is installed - audit-libsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.1.1 Ensure journald is configured to write logfiles to persistent diskCIS Bottlerocket L1Unix

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure rsyslog service is enabledCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure rsyslog service is enabled and runningCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.6 Ensure audit system action is defined for sending errorsCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.10 Ensure the auditing processing failures are handled.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.2.11 Ensure off-load of audit logs.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure auditing for processes that start prior to auditd is enabledCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Fedora 19 Family Linux Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Red Hat 6 Workstation L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog service is enabledCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configuredCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabledCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabled and runningCIS Fedora 19 Family Linux Server L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure rsyslog is configured to send logs to a remote log hostCIS Fedora 19 Family Linux Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure rsyslog is configured to send logs to a remote log hostCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1 Ensure syslog-ng service is enabledCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.2 Ensure systemd-journal-remote is configuredCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.2 Ensure systemd-journal-remote is configuredCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure logging is configuredCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.3 Ensure journald is configured to write logfiles to persistent diskCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.2.6 Ensure journald log rotation is configured per site policyCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.3 Ensure rsyslog or syslog-ng is installedCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.3 Ensure rsyslog or syslog-ng is installedCIS Debian 8 Server L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.3 Ensure rsyslog or syslog-ng is installedCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.4 Ensure IAM policy changes are monitoredCIS Amazon Web Services Foundations v5.0.0 L1amazon_aws

AUDIT AND ACCOUNTABILITY

4.11 Ensure Network Access Control List (NACL) changes are monitoredCIS Amazon Web Services Foundations v5.0.0 L2amazon_aws

AUDIT AND ACCOUNTABILITY

5.3.27 Ensure Printlastlog is enabledCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

5.4.8 Ensure date and time of last successful logonCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'CIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY

6.1.2.2 Ensure journald ForwardToSyslog is disabledCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.1.4 Ensure journald ForwardToSyslog is disabledCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian Linux 12 v1.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS SUSE Linux Enterprise 15 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

7.1.3 Ensure Audit Policies are Enabled Within the DatabaseCIS IBM DB2 11 v1.1.0 Database Level 1IBM_DB2DB

AUDIT AND ACCOUNTABILITY

18.10.44.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY

18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 NGWindows

AUDIT AND ACCOUNTABILITY

20.3 Ensure 'Active Directory Domain Controllers Organizational Unit (OU) object have the proper access control permissions' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY