Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.7.2 Disable iPXE (Pre-boot eXecution Environment)CIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.10 Use Dedicated "mgmt" Interface and VRF for Administrative FunctionsCIS Cisco NX-OS v1.2.0 L2Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

2.1.1.2 Set version 2 for 'ip ssh version'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

2.1.1.2 Set version 2 for 'ip ssh version'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

CONFIGURATION MANAGEMENT

2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

3.2.3 Disable Proxy ARP on all Layer 3 InterfacesCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Configure Storm ControlCIS Cisco NX-OS v1.2.0 L2Cisco

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

3.5.2 Configure FCoE ZoningCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

19.7.15.1.1 Ensure 'Turn off Preview Pane' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

AMLS-L3-000190 - The Arista Multilayer Switch must enforce that the managed network domain and the management network domain are separate routing domains and the Interior Gateway Protocol instances are not redistributed or advertised to each other.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

ACCESS CONTROL

AMLS-L3-000200 - The Arista Multilayer Switch must enforce that any interface used for out-of-band management traffic is configured to be passive for the Interior Gateway Protocol that is utilized on that management interface.DISA STIG Arista MLS DCS-7000 Series RTR v1r4Arista

ACCESS CONTROL

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 1DISA STIG Arista MLS DCS-7000 Series NDM v1r4Arista

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 2DISA STIG Arista MLS DCS-7000 Series NDM v1r4Arista

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000370 - The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system - all loggingDISA STIG Arista MLS DCS-7000 Series NDM v1r4Arista

AUDIT AND ACCOUNTABILITY

AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - show loggingDISA STIG Arista MLS DCS-7000 Series NDM v1r4Arista

AUDIT AND ACCOUNTABILITY

ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Disable Telnet IPv6Tenable Best Practices Brocade FabricOSBrocade

CONFIGURATION MANAGEMENT

Brocade - SCP server host is approvedTenable Best Practices Brocade FabricOSBrocade

ACCESS CONTROL

CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

Default Authentication RealmTenable Cisco ACICisco_ACI

ACCESS CONTROL

GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

IDENTIFICATION AND AUTHENTICATION

GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts.DISA STIG for Oracle Linux 5 v2r1Unix

IDENTIFICATION AND AUTHENTICATION

GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group - roles=rootDISA STIG Solaris 10 X86 v2r4Unix

IDENTIFICATION AND AUTHENTICATION

GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group.DISA STIG for Oracle Linux 5 v2r1Unix

ACCESS CONTROL

PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000227 The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000229 The Photon operating system must use a reverse-path filter for IPv4 network traffic.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

vNetwork : reject-forged-transmit - 'PortGroup'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-forged-transmit - 'vSwitch'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-forged-transmit-StandardSwitchVMWare vSphere 6.5 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode - 'portgroup'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode - 'vswitch'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode-StandardSwitchVMWare vSphere 6.5 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION