Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Configure AAA Authentication - TACACS if applicableCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL

1.1.2 Enable 'aaa authentication login'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL

1.1.12 - AirWatch - Turn off VPN when not neededAirWatch - CIS Apple iOS 9 v1.0.0 L1MDM

ACCESS CONTROL

1.1.13 - AirWatch - Turn off VPN when not neededAirWatch - CIS Apple iOS 8 v1.0.0 L1MDM

ACCESS CONTROL

1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.4.1 Set 'password' for 'enable secret'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL

2.9 (L2) Ensure VDS health check is disabledCIS VMware ESXi 7.0 v1.5.0 L2VMware

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.9 Ensure VDS health check is disabledCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1.2.1 Configure BGP to Log Neighbor ChangesCIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2 Configure a Remote Backup ScheduleCIS Cisco NX-OS v1.2.0 L1Cisco

CONTINGENCY PLANNING

7.3 Ensure the vSwitch Promiscuous Mode policy is set to rejectCIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

AMLS-L3-000170 - The Arista Multilayer Switch must not redistribute static routes to alternate gateway service provider into an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other Autonomous System.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

ACCESS CONTROL

APPNET0064 - .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance.DISA Microsoft DotNet Framework 4.0 STIG v2r7Windows

CONFIGURATION MANAGEMENT

ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs.DISA STIG Arista MLS EOS 4.x L2S v2r2Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.DISA STIG Arista MLS EOS 4.x NDM v2r2Arista

MAINTENANCE

Auditing and logging - serverArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

Auditing and logging - severityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

Authorized IP managersArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

Centralized authentication - configurationArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Centralized authentication - tacacs accountingArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Centralized authentication - tacacs authorizationArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.DISA Cisco IOS XR Router RTR STIG v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.DISA Cisco IOS XR Router RTR STIG v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-06-000059 - The virtual switch Forged Transmits policy must be set to reject.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

CONFIGURATION MANAGEMENT

ESXI-70-000061 - All port groups on standard switches must be configured to reject guest promiscuous mode requests.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-80-000218 - The ESXi host must configure virtual switch security policies to reject promiscuous mode requests.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

CONFIGURATION MANAGEMENT

HP ProCurve - 'Configure Management VLAN'TNS HP ProCurveHPProCurve

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Include Login in Session RecordsTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

Include Logout in Session RecordsTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

JUEX-L2-000080 - The Juniper EX switch must be configured to enable Root Protection on STP switch ports connecting to access layer switches.DISA Juniper EX Series Layer 2 Switch v2r3Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Local password complexity - password configuration agingArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

ACCESS CONTROL

PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000225 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000231 The Photon operating system must not perform IPv4 packet forwarding.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000232 The Photon operating system must send TCP timestamps.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000244 The Photon operating system must enable hardlink access control protection in the kernel.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000246 The Photon operating system must restrict core dumps.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

TFTP vs SFTPArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

CONFIGURATION MANAGEMENT

vNetwork : set-non-negotiateVMWare vSphere 5.X Hardening GuideVMware