Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4.7 Set 'logging source interface'CIS Cisco IOS XR 7.x v1.0.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

2.2.5 Set 'logging trap informational'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AUDIT AND ACCOUNTABILITY

4.1.3.1 Ensure events that modify date and time information are collected - /etc/localtimeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.1 Ensure events that modify date and time information are collected - adjtimex (64-bit)CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collectedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.3.6 Ensure successful file system mounts are collected - 64-bitCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 adjtimexCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 adjtimexCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 adjtimexCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules time-changeCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadowCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwdCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/shadowCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d/CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d/CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchownCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchownCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b32 chmod fchmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b32 chown fchownCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b64 chmod fchmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b64 chown fchownCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattrCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERMCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCESCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.12 Ensure use of privileged commands is collectedCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl b32CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl b32CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl b64CIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - b64CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.16 Ensure system administrator actions (sudolog) are collectedCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.4 Ensure 'Send connector: Configure protocol logging' is set to 'Verbose'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - /audit existsCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - /etc/security/audit/config updateCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - audit startupCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

6.2 AIX Auditing - auditclasses updateCIS IBM AIX 7.1 L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

7.3 Ensure className is set correctly in context.xmlCIS Apache Tomcat 9 L2 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

17.2.2 Ensure 'Audit Computer Account Management' is set to include 'Success' (DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY