Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Prevent Database Users from Logging into the Operating SystemCIS IBM DB2 11 v1.1.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

2.3.5.5 Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' (DC only)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Windows 7 Workstation Level 1 v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

3.5 Ensure the SQL Server's MSSQL Service Account is Not an AdministratorCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL

3.042 - Outgoing secure channel traffic is not signed when possible.DISA Windows Vista STIG v6r41Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.043 - Outgoing secure channel traffic is not encrypted when possible.DISA Windows Vista STIG v6r41Windows

SYSTEM AND COMMUNICATIONS PROTECTION

6.2.3 Review Role MembersCIS IBM DB2 11 v1.1.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedCIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION

18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedCIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.2.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL

18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION

18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'CIS Windows 7 Workstation Level 1 v3.2.0Windows

ACCESS CONTROL

18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

ACCESS CONTROL

18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'CIS Windows 7 Workstation Level 1 v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.2.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only)CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'CIS Windows 7 Workstation Level 1 v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.3.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.3.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.3.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.3.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' (MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.3.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higherCIS Microsoft Windows Server 2022 v4.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.8 Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higherCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.DISA STIG SQL Server 2016 Instance OS Audit v3r4Windows

CONFIGURATION MANAGEMENT

WDNS-IA-000011 - The Windows 2012 DNS Server must implement a local cache of revocation data for PKIauthentication in the event revocation information via the network is not accessible.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

IDENTIFICATION AND AUTHENTICATION

WDNS-SC-000008 - The Windows 2012 DNS Server must be configured with the DS RR carrying the signature for the RR that contains the public key of the child zone.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WDNS-SC-000015 - The Windows DNS secondary server must request data integrity verification from the primary server when requesting name/address resolution.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WDNS-SC-000017 - The Windows DNS secondary server must validate data integrity verification on the name/address resolution responses received from primary name servers.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WDNS-SC-000018 - The Windows DNS secondary server must validate data origin verification authentication on the name/address resolution responses received from primary name servers.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WDNS-SI-000007 - The Windows 2012 DNS Server must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND INFORMATION INTEGRITY

WN10-SO-000045 - Outgoing secure channel traffic must be signed when possible.DISA Microsoft Windows 10 STIG v3r4Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN10-SO-000050 - The computer account password must not be prevented from being reset.DISA Microsoft Windows 10 STIG v3r4Windows

CONFIGURATION MANAGEMENT

WN11-SO-000045 - Outgoing secure channel traffic must be signed.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-SO-000050 - The computer account password must not be prevented from being reset.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN12-CC-000138 - The display of slide shows on the lock screen must be disabled (Windows 2012 R2).DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000013 - Outgoing secure channel traffic must be encrypted when possible.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000013 - Outgoing secure channel traffic must be encrypted when possible.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000014 - Outgoing secure channel traffic must be signed when possible.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000014 - Outgoing secure channel traffic must be signed when possible.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN16-SO-000090 - The setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.DISA Microsoft Windows Server 2016 STIG v2r10Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN16-SO-000110 - The computer account password must not be prevented from being reset.DISA Microsoft Windows Server 2016 STIG v2r10Windows

IDENTIFICATION AND AUTHENTICATION

WN19-MS-000040 - Windows Server 2019 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems.DISA Microsoft Windows Server 2019 STIG v3r4Windows

IDENTIFICATION AND AUTHENTICATION

WN22-MS-000040 - Windows Server 2022 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION

WN22-SO-000090 - Windows Server 2022 computer account password must not be prevented from being reset.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION