Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of UDF filesystems is disabledCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.1.3 Ensure passcode is set to have at least 1 numberCIS Zoom L1 v1.0.0Zoom

CONFIGURATION MANAGEMENT

1.1.2.1.1 Have a minimum password lengthCIS Zoom L1 v1.0.0Zoom

CONFIGURATION MANAGEMENT

1.1.2.1.3 Have at least 1 letter (a, b, c...)CIS Zoom L1 v1.0.0Zoom

CONFIGURATION MANAGEMENT

1.2.1 Ensure software update repositories are configuredCIS Bottlerocket L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure dm-verity is configuredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.1 Ensure setuid programs do not create core dumpsCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.2 Ensure address space layout randomization (ASLR) is enabledCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.3 Ensure unprivileged eBPF is disabledCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.4 Ensure user namespaces are disabledCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure SELinux is configuredCIS Bottlerocket L1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.2 Ensure Lockdown is configuredCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6 Ensure updates, patches, and additional security software are installedCIS Bottlerocket L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1.1 Ensure chrony is configuredCIS Bottlerocket L1Unix

AUDIT AND ACCOUNTABILITY

2.1.7 (L2) Ensure that an anti-phishing policy has been createdCIS Microsoft 365 Foundations v5.0.0 L2 E5microsoft_azure

SYSTEM AND INFORMATION INTEGRITY

2.1.11 (L2) Ensure comprehensive attachment filtering is appliedCIS Microsoft 365 Foundations v5.0.0 L2 E3microsoft_azure

SYSTEM AND INFORMATION INTEGRITY

2.1.11 (L2) Ensure comprehensive attachment filtering is appliedCIS Microsoft 365 Foundations v5.0.0 L2 E5microsoft_azure

SYSTEM AND INFORMATION INTEGRITY

2.3.3.5 Ensure Remote Login Is DisabledCIS Apple macOS 14.0 Sonoma v2.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.5 Ensure Remote Login Is DisabledCIS Apple macOS 12.0 Monterey v4.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.1 Ensure packet redirect sending is disabledCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not acceptedCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not acceptedCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.3 Ensure secure ICMP redirects are not acceptedCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.4 Ensure suspicious packets are loggedCIS Bottlerocket L2Unix

AUDIT AND ACCOUNTABILITY

3.2.5 Ensure broadcast ICMP requests are ignoredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.6 Ensure bogus ICMP responses are ignoredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure TCP SYN Cookies is enabledCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.1 Ensure SCTP is disabledCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT

3.4.1.1 Ensure IPv4 default deny firewall policyCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.2 Ensure IPv4 loopback traffic is configuredCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure IPv4 outbound and established connections are configuredCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.1 Ensure IPv6 default deny firewall policyCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.2 Ensure IPv6 loopback traffic is configuredCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.3 Ensure IPv6 outbound and established connections are configuredCIS Bottlerocket L2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1.1 Ensure journald is configured to write logfiles to persistent diskCIS Bottlerocket L1Unix

AUDIT AND ACCOUNTABILITY

4.1.2 Ensure permissions on journal files are configuredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1.2 Minimize user access to Container Image repositoriesCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

5.1.2 Minimize user access to Container Image repositoriesCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

5.1.3 Minimize cluster access to read-only for Container Image repositoriesCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

5.1.3 Minimize cluster access to read-only for Container Image repositoriesCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

6.6.7 Ensure Remote Login Class for Authorization through External AAA - login classCIS Juniper OS Benchmark v2.1.0 L2Juniper

IDENTIFICATION AND AUTHENTICATION

6.6.7 Ensure Remote Login Class for Authorization through External AAA - remote classCIS Juniper OS Benchmark v2.1.0 L2Juniper

IDENTIFICATION AND AUTHENTICATION