Detections
Analytics

Item Search

NameAudit NamePluginCategory
ALMA-09-052160 - AlmaLinux OS 9 audispd-plugins package must be installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052270 - AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052490 - AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052820 - AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-052930 - AlmaLinux OS 9 must have the rsyslog package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-053040 - AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ALMA-09-053150 - The rsyslog service on AlmaLinux OS 9 must be active.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CD12-00-011300 - PostgreSQL must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

AUDIT AND ACCOUNTABILITY

ESXI-06-400004 - The VMM must off-load audit records onto a different system or media than the system being audited by configuring remote logging.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

AUDIT AND ACCOUNTABILITY

ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

AUDIT AND ACCOUNTABILITY

ESXI-80-000233 - The ESXi host must off-load audit records via syslog.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

AUDIT AND ACCOUNTABILITY

ESXi: esxi-8.logs-remoteVMware vSphere Security Configuration and Hardening GuideVMware

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.DISA Fortigate Firewall NDM STIG v1r4FortiGate

AUDIT AND ACCOUNTABILITY

FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries.DISA Fortigate Firewall STIG v1r3FortiGate

AUDIT AND ACCOUNTABILITY

JUEX-NM-000600 - The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.DISA Juniper EX Series Network Device Management v2r2Juniper

AUDIT AND ACCOUNTABILITY

JUEX-NM-000670 - The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).DISA Juniper EX Series Network Device Management v2r2Juniper

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

MD7X-00-012400 MongoDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for standalone systems.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

MYS8-00-009700 - The MySQL Database Server 8.0 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

AUDIT AND ACCOUNTABILITY

O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems.DISA Oracle Database 19c STIG v1r1 DatabaseOracleDB

AUDIT AND ACCOUNTABILITY

OL08-00-030062 - OL 8 must label all offloaded audit logs before sending them to the central log server.DISA Oracle Linux 8 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited.DISA Oracle Linux 8 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030700 - OL 8 must take appropriate action when the internal event queue is full.DISA Oracle Linux 8 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030710 - OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited.DISA Oracle Linux 8 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs.DISA Oracle Linux 8 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.DISA Red Hat Enterprise Linux 8 STIG v2r3Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-652055 - RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-653065 - RHEL 9 must take appropriate action when the internal event queue is full.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-653130 - RHEL 9 audispd-plugins package must be installed.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

AUDIT AND ACCOUNTABILITY

SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

AUDIT AND ACCOUNTABILITY

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IPDISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

AUDIT AND ACCOUNTABILITY

UBTU-20-010216 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.DISA Canonical Ubuntu 20.04 LTS STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.DISA Canonical Ubuntu 20.04 LTS STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

UBTU-22-651035 - Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems.DISA Canonical Ubuntu 22.04 LTS STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

UBTU-24-900950 - Ubuntu 24.04 LTS must have a crontab script running weekly to offload audit events of standalone systems.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - runtimeDISA STIG VMware vSphere 6.7 Virgo Client v1r2Unix

AUDIT AND ACCOUNTABILITY

VCRP-67-000009 - The rhttpproxy log files must be moved to a permanent repository in accordance with site policy.DISA STIG VMware vSphere 6.7 RhttpProxy v1r3Unix

AUDIT AND ACCOUNTABILITY

VCRP-70-000007 - Envoy (rhttpproxy) log files must be shipped via syslog to a central log server.DISA STIG VMware vSphere 7.0 RhttpProxy v1r1Unix

AUDIT AND ACCOUNTABILITY

VCRP-70-000008 - Envoy log files must be shipped via syslog to a central log serverDISA STIG VMware vSphere 7.0 RhttpProxy v1r1Unix

AUDIT AND ACCOUNTABILITY

VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

AUDIT AND ACCOUNTABILITY

VCSA-70-000280 - The vCenter server must be configured to send events to a central log server.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

AUDIT AND ACCOUNTABILITY