Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Enable 'aaa new-model'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL

1.1.1 Enable 'aaa new-model'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL

1.1.1.1 Configure AAA Authentication - TACACS if applicableCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL

1.1.2 Enable 'aaa authentication login'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL

1.1.2 Enable 'aaa authentication login'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL

1.1.12 - AirWatch - Turn off VPN when not neededAirWatch - CIS Apple iOS 9 v1.0.0 L1MDM

ACCESS CONTROL

1.1.13 - AirWatch - Turn off VPN when not neededAirWatch - CIS Apple iOS 8 v1.0.0 L1MDM

ACCESS CONTROL

1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

2.9 (L2) Ensure VDS health check is disabledCIS VMware ESXi 7.0 v1.4.0 L2VMware

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.9 Ensure VDS health check is disabledCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1.2.1 Configure BGP to Log Neighbor ChangesCIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2 Configure a Remote Backup ScheduleCIS Cisco NX-OS v1.2.0 L1Cisco

CONTINGENCY PLANNING

7.1 (L1) Ensure the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 7.0 v1.4.0 L1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure the vSwitch Promiscuous Mode policy is set to rejectCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure the vSwitch Promiscuous Mode policy is set to rejectCIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

AMLS-L3-000170 - The Arista Multilayer Switch must not redistribute static routes to alternate gateway service provider into an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other Autonomous System.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

ACCESS CONTROL

AMLS-L3-000210 - The Arista Multilayer Switch must enforce information flow control using explicit security attributes (for example, IP addresses, port numbers, protocol, Autonomous System, or interface) on information, source, and destination objects.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-RT-000330 - The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

Auditing and logging - serverArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

Auditing and logging - severityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

Authorized IP managersArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

Enhanced secure modeArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

CONFIGURATION MANAGEMENT

ESXI-06-000061 - The virtual switch Promiscuous Mode policy must be set to reject.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

CONFIGURATION MANAGEMENT

ESXI-65-000061 - The virtual switch Promiscuous Mode policy must be set to reject on the ESXi host.DISA STIG VMware vSphere ESXi 6.5 v2r4VMware

CONFIGURATION MANAGEMENT

ESXI-67-000061 - The virtual switch Promiscuous Mode policy must be set to reject on the ESXi host.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-70-000061 - All port groups on standard switches must be configured to reject guest promiscuous mode requests.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-80-000218 - The ESXi host must configure virtual switch security policies to reject promiscuous mode requests.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

CONFIGURATION MANAGEMENT

ESXi: esxi-8.network-bpduVMware vSphere Security Configuration and Hardening GuideVMware

CONFIGURATION MANAGEMENT

Front panel securityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

HP ProCurve - 'Configure Management VLAN'TNS HP ProCurveHPProCurve

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Include Logout in Session RecordsTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

JUEX-L2-000080 - The Juniper EX switch must be configured to enable Root Protection on STP switch ports connecting to access layer switches.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000110 - The Juniper EX switch must be configured not to forward unknown unicast traffic to access interfaces.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000370 - The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Local password complexity - password configuration agingArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password configuration historyArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Management VLANArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

CONFIGURATION MANAGEMENT

Network Security - Configure LLDP only on required network ports - LLDP-MEDJuniper Hardening JunOS 12 Devices ChecklistJuniper

CONFIGURATION MANAGEMENT

VCSA-80-000271 - The vCenter Server must only send NetFlow traffic to authorized collectors.DISA VMware vSphere 8.0 vCenter STIG v2r2VMware

CONFIGURATION MANAGEMENT

vNetwork : label-vswitchesVMWare vSphere 5.X Hardening GuideVMware