Item Search

Name	Audit Name	Plugin	Category
1.2.31 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master	Unix	CONFIGURATION MANAGEMENT
1.2.34 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master	Unix	CONFIGURATION MANAGEMENT
1.3.4 (L1) Ensure 'User owned apps and services' is restricted	CIS Microsoft 365 Foundations v5.0.0 L1 E3	microsoft_azure	CONFIGURATION MANAGEMENT
1.10 (L2) Host hardware must enable Intel SGX, if available	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
2.1.1.2 Set version 2 for 'ip ssh version'	CIS Cisco IOS 15 L1 v4.1.1	Cisco	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.3 Ensure all data in Amazon S3 has been discovered, classified, and secured when necessary	CIS Amazon Web Services Foundations v5.0.0 L2	amazon_aws	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.7.2 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.7.2 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.7.2 Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.7.3 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.10.2 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.4.6 Ensure 'Maximum number of failed attempts' is set to '6'	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL
3.1.1 Ensure IP forwarding is disabled - sysctl ipv4	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.1 Ensure IP forwarding is disabled - sysctl ipv6	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv4	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.2 Ensure packet redirect sending is disabled - 'net.ipv4.conf.all.send_redirects = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.2 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.2 Ensure packet redirect sending is disabled - systctl net.ipv4.conf.all.send_redirects	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.default.accept_source_route = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.secure_redirects	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.secure_redirects	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.5 Ensure broadcast ICMP requests are ignored - sysctl net.ipv4.icmp_echo_ignore_broadcasts	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.6 Ensure bogus ICMP responses are ignored - 'net.ipv4.icmp_ignore_bogus_error_responses = 1'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.all.rp_filter = 1	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.all.rp_filter	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.default.rp_filter	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.8 Ensure TCP SYN Cookies is enabled - net.ipv4.tcp_syncookies = 1	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.8 Ensure TCP SYN Cookies is enabled - sysctl net.ipv4.tcp_syncookies	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.25 (L1) Host must display a login banner for SSH connections	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
8.4 (L2) VMware Tools on deployed virtual machines must prevent being recustomized	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
10.5 Rename the manager application - webapps/manager	CIS Apache Tomcat 10 L2 v1.1.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH	CIS Apache Tomcat 10 L2 v1.1.0	Unix	CONFIGURATION MANAGEMENT
10.10 Configure maxHttpHeaderSize	CIS Apache Tomcat 10.1 v1.1.0 L2	Unix	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
10.10 Configure maxHttpHeaderSize	CIS Apache Tomcat 9 L2 v1.2.0	Unix	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
10.10 Configure maxHttpHeaderSize	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.37.1.1 (L2) Ensure 'Turn off Windows Location Provider' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
19.7.42.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Windows Server 2012 MS L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
19.7.42.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search