Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

CONTINGENCY PLANNING

18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

CONTINGENCY PLANNING

18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows Server 2022 v4.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.7 Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

AADC-CL-000840 - Adobe Acrobat Pro DC Classic privileged file and folder locations must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AADC-CL-001010 - Adobe Acrobat Pro DC Classic Protected Mode must be enabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AADC-CL-001290 - Adobe Acrobat Pro DC Classic Cloud Synchronization must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

AADC-CN-000285 - Adobe Acrobat Pro DC Continuous access to websites must be blocked.DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1Windows

CONFIGURATION MANAGEMENT

Apply local connection security rules - Domain ProfileMSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Disable Power NapNIST macOS Big Sur v1.4.0 - 800-53r5 HighUnix

CONFIGURATION MANAGEMENT

Big Sur - Disable Power NapNIST macOS Big Sur v1.4.0 - 800-53r5 LowUnix

CONFIGURATION MANAGEMENT

Big Sur - Disable Power NapNIST macOS Big Sur v1.4.0 - 800-171Unix

CONFIGURATION MANAGEMENT

Catalina - Disable Power NapNIST macOS Catalina v1.5.0 - 800-53r4 LowUnix

CONFIGURATION MANAGEMENT

DISA_STIG_MSSQL_2012_Instance-DB_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIGDISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB
DISA_STIG_MSSQL_2012_Instance-OS_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIGDISA STIG SQL Server 2012 Database OS Audit v1r20Windows
Monterey - Disable Power NapNIST macOS Monterey v1.0.0 - 800-53r4 ModerateUnix

CONFIGURATION MANAGEMENT

Monterey - Disable Power NapNIST macOS Monterey v1.0.0 - CNSSI 1253Unix

CONFIGURATION MANAGEMENT

WDNS-AU-000003 - The Windows 2012 DNS Server must, in the event of an error validating another DNS servers identity, send notification to the DNS administrator.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

WDNS-CM-000005 - The Windows 2012 DNS Server with a caching name server role must restrict recursive query responses to only the IP addresses and IP address ranges of known supported clients.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

CONFIGURATION MANAGEMENT

WDNS-IA-000008 - The Windows 2012 DNS Server permissions must be set so that the key file can only be read or modified by the account that runs the name server software.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

IDENTIFICATION AND AUTHENTICATION

WDNS-SC-000002 - The Windows 2012 DNS Server must include data origin with authoritative data the system returns in response to external name/address resolution queries.DISA Microsoft Windows 2012 Server DNS STIG v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-UR-000017-MS - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN16-DC-000280 - Domain controllers must have a PKI server certificate.DISA Microsoft Windows Server 2016 STIG v2r10Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000050 - Windows Server 2019 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Microsoft Windows Server 2019 STIG v3r4Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000100 - Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions.DISA Microsoft Windows Server 2019 STIG v3r4Windows

ACCESS CONTROL

WN19-DC-000200 - Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.DISA Microsoft Windows Server 2019 STIG v3r4Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN22-DC-000050 - Windows Server 2022 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000100 - Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL

WN22-DC-000160 - Windows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

WN22-DC-000200 - Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY