Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2 Install only required packagesCIS PostgreSQL 13 v1.3.0 L1 Database UnixUnix

CONFIGURATION MANAGEMENT

1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in UseCIS PostgreSQL 13 v1.3.0 L1 Database UnixUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.32 WN19-00-000320CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT IIWindows

CONFIGURATION MANAGEMENT

1.98 WN19-CC-000040CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT IIIWindows

CONFIGURATION MANAGEMENT

1.132 WN19-CC-000390CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT IIWindows

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'CIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure extension directory has appropriate ownership and permissionsCIS PostgreSQL 13 v1.3.0 L1 Database UnixUnix

ACCESS CONTROL, MEDIA PROTECTION

2.4 Ensure Passwords are Not Stored in the service fileCIS PostgreSQL 13 v1.3.0 L1 Database UnixUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.9 Ensure 'Trustworthy' Database Property is set to 'Off'CIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

ACCESS CONTROL

2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

SYSTEM AND INFORMATION INTEGRITY

2.14 Ensure 'sa' Login Account has been renamedCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

CONFIGURATION MANAGEMENT

2.14 Ensure the 'sa' Login Account has been renamedCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.17 Ensure no login exists with the name 'sa'CIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.8 Ensure the maximum log file lifetime is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.9 Ensure the maximum log file size is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.16 Ensure 'debug_print_parse' is disabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.17 Ensure 'debug_print_rewritten' is disabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.20 Ensure 'log_connections' is enabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_error_verbosity' is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.23 Ensure 'log_hostname' is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.26 Ensure 'log_timezone' is set correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.8 Ensure only the default permissions specified by Microsoft are granted to the public server roleCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure 'MUST_CHANGE' Option is set to 'ON' for All SQL Authenticated LoginsCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

IDENTIFICATION AND AUTHENTICATION

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

ACCESS CONTROL

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL

4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated LoginsCIS SQL Server 2012 Database L1 DB v1.6.0MS_SQLDB

IDENTIFICATION AND AUTHENTICATION

4.3 Ensure excessive administrative privileges are revokedCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4 Lock Out Accounts if Not Currently in UseCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

ACCESS CONTROL

4.6 Ensure excessive DML privileges are revokedCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.7 Ensure Row Level Security (RLS) is configured correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.10 Ensure all accounts that can log in have passwordsCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

IDENTIFICATION AND AUTHENTICATION

5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12'CIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.2 Ensure PostgreSQL is Bound to an IP AddressCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

PLANNING, SYSTEM AND SERVICES ACQUISITION

5.13 Disable ability to login to another user's active and locked sessionCIS Apple macOS 10.12 L1 v1.2.0Unix

ACCESS CONTROL

6.1 Understanding attack vectors and runtime parametersCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT

6.6 Ensure 'User' Runtime Parameters are ConfiguredCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT

6.9 Ensure the TLSv1.0 and TLSv1.1 Protocols are DisabledCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.11 Ensure the pgcrypto extension is installed and configured correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure streaming replication parameters are configured correctlyCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'SQL Server Browser Service' is configured correctlyCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

SYSTEM AND INFORMATION INTEGRITY

8.1 Ensure PostgreSQL subdirectory locations are outside the data clusterCIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDBPostgreSQLDB

CONFIGURATION MANAGEMENT

SQL2-00-003400 - SQL Server must enforce access control policies to restrict the Authenticate server permission to only authorized roles.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

ACCESS CONTROL

SQL2-00-003700 - SQL Server must not grant users direct access to the Create server role permission.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

ACCESS CONTROL

SQL2-00-005100 - SQL Server must not grant users direct access to the Alter Settings permission.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

ACCESS CONTROL

SQL2-00-005500 - SQL Server must not grant users direct access to the Alter any linked server permission.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

ACCESS CONTROL

SQL6-D0-015500 - SQL Server must generate audit records for all direct access to the database(s) - audits.DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDBMS_SQLDB

AUDIT AND ACCOUNTABILITY