Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrationsCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

3.7 Ensure proxies pass source IP information - X-Real-IPCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

4.1.1.1 Ensure auditd is installed - audit-libsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure auditd service is enabledCIS Fedora 28 Family Linux Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure rsyslog service is enabledCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure rsyslog service is enabled and runningCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure auditing for processes that start prior to auditd is enabledCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.1 Ensure rsyslog is installedCIS Red Hat 6 Workstation L1 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configuredCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure rsyslog service is enabledCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure rsyslog is configured to send logs to a remote log hostCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1 Ensure syslog-ng service is enabledCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.2 Ensure systemd-journal-remote is configuredCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.1.2 Ensure systemd-journal-remote is configuredCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure logging is configuredCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.2.3 Ensure journald is configured to write logfiles to persistent diskCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.2.4 Ensure journald is configured to write logfiles to persistent diskCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.2.6 Ensure journald log rotation is configured per site policyCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.3 Ensure rsyslog or syslog-ng is installedCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.2.14 Ensure sshd LogLevel is configuredCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.1.1 Ensure rsyslog is installedCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.1.1 Ensure rsyslog is installedCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.2.6 Ensure journald log rotation is configured per site policyCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.1.15 Ensure sshd LogLevel is configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian 10 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.1.4 Ensure auditd service is enabledCIS CentOS Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.6.1 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weeklyCIS Microsoft 365 Foundations E5 L1 v3.1.0microsoft_azure

AUDIT AND ACCOUNTABILITY

6.2.1.1 Ensure journald service is enabled and activeCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.3 Ensure journald log file rotation is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.3 Ensure journald log file rotation is configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.4 Ensure audit_backlog_limit is sufficientCIS Debian Linux 12 v1.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.4 Ensure journald Storage is configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.2 Ensure rsyslog service is enabled and activeCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.4.1.4 Ensure audit_backlog_limit is sufficientCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

AUDIT AND ACCOUNTABILITY

9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

AUDIT AND ACCOUNTABILITY