Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2 Ensure the container host has been HardenedCIS Docker Community Edition v1.1.0 L1 Linux Host OSUnix

CONFIGURATION MANAGEMENT

1.2 Harden the container hostCIS Docker 1.13.0 v1.0.0 L1 LinuxUnix

CONFIGURATION MANAGEMENT

3.1 Ensure that unused policies are reviewed regularlyCIS FortiGate 7.4.x v1.0.1 L2FortiGate

CONFIGURATION MANAGEMENT

4.1.3 Ensure network interface zone is configuredCIS Amazon Linux 2 v4.0.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2 (L2) Ensure device enrollment for personally owned devices is blocked by defaultCIS Microsoft 365 Foundations v6.0.1 L2 E3microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
Ensure 'console session timeout' is less than or equal to '5' minutesTenable Cisco Firepower Best Practices AuditCisco

ACCESS CONTROL

Ensure 'Host Name' is setTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'logging with timestamps' is enabledTenable Cisco Firepower Best Practices AuditCisco

AUDIT AND ACCOUNTABILITY

Ensure 'noproxyarp' is enabled for untrusted interfacesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'RIP authentication' is enabledTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'snmp-server host' is set to 'version 3'Tenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure DHCP services are disabled for untrusted interfaces - dhcpdTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure DHCP services are disabled for untrusted interfaces - dhcprelayTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure packet fragments are restricted for untrusted interfacesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Fortigate - Alert Emails - 'admin address'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

SYSTEM AND INFORMATION INTEGRITY

Fortigate - AV License - Not ExpiredTNS Fortigate FortiOS Best Practices v2.0.0FortiGate

CONFIGURATION MANAGEMENT

Fortigate - Disable auto USB installation - 'config'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

CONFIGURATION MANAGEMENT

Fortigate - Does not use self-signed certificate - 'admin'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

IDENTIFICATION AND AUTHENTICATION

Fortigate - Does not use self-signed certificate - 'user'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

IDENTIFICATION AND AUTHENTICATION

Fortigate - External Logging - 'fortianalyzer2'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

AUDIT AND ACCOUNTABILITY

Fortigate - External Logging - 'syslog3'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

AUDIT AND ACCOUNTABILITY

Fortigate - Fortianalyzer3 Logs - severity 'information'TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

AUDIT AND ACCOUNTABILITY

Fortigate - full-first-warning-threshold <= 75%TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

AUDIT AND ACCOUNTABILITY

Fortigate - HTTPS/SSH admin access strong ciphersTNS Fortigate FortiOS Best Practices v2.0.0FortiGate

ACCESS CONTROL

Fortigate - Inactivity timeout - 'global' <= 5TNS Fortigate FortiOS Best Practices v2.0.0FortiGate

ACCESS CONTROL

Fortigate - NTP server configuration - *.ntp.orgTNS Fortigate FortiOS Best Practices v2.0.0FortiGate

AUDIT AND ACCOUNTABILITY

Fortigate - Password Expiry date <= 30 daysTNS Fortigate FortiOS Best Practices v2.0.0FortiGate

IDENTIFICATION AND AUTHENTICATION

Fortigate - SNMP v3 uses AES instead of DESTNS Fortigate FortiOS Best Practices v2.0.0FortiGate

SYSTEM AND COMMUNICATIONS PROTECTION

Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Token Endpoint URL'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Key'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Default Scope'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Consumer Secret'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Execution User ID'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce is not configured'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : AuthConfig - 'Auth Providers in use'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Email Services - 'IsTextAttachmentsAsBinary = False'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : Monitoring Login History - 'Inactive System Administrators'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Network-Based Security - 'Login IP Addresses'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

AUDIT AND ACCOUNTABILITY

Salesforce.com : Network-Based Security - 'Trusted IP Ranges exist'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

SYSTEM AND COMMUNICATIONS PROTECTION

Salesforce.com : Object Permissions - 'DefaultOpportunityAccess should not be Public Read/Write or Public Read/Write/Transfer'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Setting Password Policies - 'lockout period >= 30 minutes'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Setting Password Policies - 'Must mix numbers, uppercase and lowercase letters, and special characters'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Session Security - 'Enable caching and autocomplete = false'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

CONFIGURATION MANAGEMENT

Salesforce.com : Setting Session Security - 'Enable clickjack protection for non-setup Salesforce pages = true'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

SYSTEM AND COMMUNICATIONS PROTECTION

Salesforce.com : Setting Session Security - 'Enable CSRF protection on GET requests on non-setup pages = true'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

SYSTEM AND COMMUNICATIONS PROTECTION

Salesforce.com : Setting Session Security - 'Lock session to IP = true'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

SalesForce.com : Setting Session Security - 'Review Active Users'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Apex Mobile User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Salesforce CRM Content User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com