Item Search

Name	Audit Name	Plugin	Category
2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6	NetApp Security Hardening Guide for ONTAP 9 v1.7.0	Netapp_API	IDENTIFICATION AND AUTHENTICATION
19.7.15.1.1 Ensure 'Turn off Preview Pane' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	ACCESS CONTROL
ESXI-70-000002 - The ESXi host must verify the DCUI.Access list.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	ACCESS CONTROL
ESXI-70-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	IDENTIFICATION AND AUTHENTICATION
ESXI-70-000039 - Active Directory ESX Admin group membership must not be used when adding ESXi hosts to Active Directory.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	IDENTIFICATION AND AUTHENTICATION
ESXI-70-000042 - The ESXi host must terminate shell services after 10 minutes.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
ESXI-70-000043 - The ESXi host must log out of the console UI after two minutes.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
ESXI-70-000050 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000057 - The ESXi host must configure the firewall to block network traffic by default - outgoing	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000061 - All port groups on standard switches must be configured to reject guest promiscuous mode requests.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000062 - Use of the dvFilter network application programming interfaces (APIs) must be restricted.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN).	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000070 - The ESXi host must not provide root/administrator-level access to Common Information Model (CIM)-based hardware monitoring tools or other third-party applications.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000079 - The ESXi host must not suppress warnings that the local or remote shell sessions are enabled.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000087 - The ESXi host must enable volatile key destruction.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000089 - The ESXi Host Client must be configured with a session timeout.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000091 - The ESXi host must be configured with an appropriate maximum password age.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
ESXI-70-000097 - The ESXi Common Information Model (CIM) service must be disabled.	DISA STIG VMware vSphere 7.0 ESXi v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000003 - The vCenter Server must enforce a 60-day maximum password lifetime restriction.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	IDENTIFICATION AND AUTHENTICATION
VCTR-67-000004 - The vCenter Server must terminate management sessions after 10 minutes of inactivity.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
VCTR-67-000008 - The vCenter Server must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	AUDIT AND ACCOUNTABILITY
VCTR-67-000009 - The vCenter Server must implement Active Directory authentication.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	IDENTIFICATION AND AUTHENTICATION
VCTR-67-000014 - The vCenter Server must set the distributed port group MAC Address Change policy to reject.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000019 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000020 - The vCenter Server must not configure all port groups to VLAN values reserved by upstream physical switches.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000025 - The vCenter Server must disable the managed object browser (MOB) at all times when not required for troubleshooting or maintenance of managed objects.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000036 - The vCenter Server must produce audit records containing information to establish what type of events occurred.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND INFORMATION INTEGRITY
VCTR-67-000041 - The vCenter Server passwords must contain at least one lowercase character.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	IDENTIFICATION AND AUTHENTICATION
VCTR-67-000046 - The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	ACCESS CONTROL
VCTR-67-000047 - The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	ACCESS CONTROL
VCTR-67-000051 - The vCenter Server users must have the correct roles assigned.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
VCTR-67-000052 - The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000055 - The vCenter Server must configure the vSAN Datastore name to a unique name.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000059 - The vCenter Server must enable certificate based authentication.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000063 - The vCenter Server must restrict access to the cryptographic role.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000070 - The vCenter Server must not automatically refresh client sessions.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
VCTR-67-000071 - The vCenter Server must terminate management sessions after 10 minutes of inactivity.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
VCTR-67-000072 - The vCenter Server services must be ran using a service account instead of a built-in Windows account.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000075 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	CONFIGURATION MANAGEMENT
VCTR-67-000999 - The version of vCenter running on the system must be a supported version.	DISA STIG VMware vSphere 6.7 vCenter v1r4	VMware	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search