Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.2.2 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure'CIS Windows 8 L1 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure'CIS Windows 8 L1 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

1.1.2.25 Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success'CIS Windows 8 L1 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

1.1.2.50 Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure'CIS Windows 8 L1 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

AUDIT AND ACCOUNTABILITY

3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

3.2.4 Ensure suspicious packets are logged - 'sysctl net.ipv4.conf.default.log_martians'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - 'adjtimex - 64bit'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - 'adjtimex'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - 'clock_settime - 64bit'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' (64-bit)CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'auditctl EPERM'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'EPERM' (64-bit)CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl modprobe'CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - '*.crit /var/log/warn'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - '*.emerg :omusrmsg:*'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages'CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'local2,local3.* -/var/log/localmessages'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages'CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.1.2 Ensure logging is configured - 'mail.info -/var/log/mail.info'CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK.CIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

5.1 Ensure that system activity is auditedCIS MongoDB 3.2 L1 Unix Audit v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2 Ensure that audit filters are configured properlyCIS MongoDB 3.2 L1 Windows Audit v1.0.0Windows

AUDIT AND ACCOUNTABILITY

5.2 Ensure that audit filters are configured properlyCIS MongoDB 3.4 L1 Unix Audit v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3 Ensure SSH LogLevel is set to INFOCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 3.4 L2 Windows Audit v1.0.0Windows

AUDIT AND ACCOUNTABILITY

9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.5.1 Ensure 'Audit Account Lockout' is set to include 'Failure'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.5.2 Ensure 'Audit Logoff' is set to include 'Success'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'CIS Windows 7 Workstation Level 1 v3.2.0Windows

AUDIT AND ACCOUNTABILITY

Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure discretionary access control permission modification events are collected - b32 chown fchownTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify date and time information are collected - audit.rules b64 clock_settimeTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify date and time information are collected - auditctl b64 adjtimexTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify the system's network environment are collected - auditctl /etc/hostsTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify user/group information are collected - /etc/gshadowTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure events that modify user/group information are collected - /etc/shadowTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure kernel module loading and unloading is collected - insmodTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure successful file system mounts are collected - auditctl b64Tenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martiansTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure suspicious packets are logged - sysctl ipv4 all log_martiansTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCESTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCESTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Logs containing auditing information should be secured at the directory level.TNS IBM HTTP Server Best Practice MiddlewareUnix

AUDIT AND ACCOUNTABILITY