Item Search

Name	Audit Name	Plugin	Category
2.2.7 Ensure 'Allow log on locally' is set to 'Administrators, ENTERPRISE DOMAIN CONTROLLERS' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.16 Ensure 'Create permanent shared objects' is set to 'No One'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.20 Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.23 Ensure 'Deny log on as a batch job' to include 'Guests'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.28 Ensure 'Deny log on locally' to include 'Guests'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.37 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.40 Ensure 'Increase scheduling priority' is set to 'Administrators'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.55 Ensure 'Synchronize directory service data' is set to 'No One' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.3.10.3 (L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
2.3.10.3 (L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (MS only)	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL
2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
2.3.13.1 (L1) Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL
2.3.17.3 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL
2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL
4.10.26.2 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL
4.10.26.4 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL
4.11.8.2 (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL
5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "DBMS_CREDENTIAL" Package	CIS Oracle Server 19c DB Unified Auditing v1.2.0	OracleDB	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
5.1.4 Minimize access to create pods	CIS Kubernetes v1.10.0 L1 Master	Unix	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
5.4.2.1 Ensure root is the only UID 0 account	CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server	Unix	ACCESS CONTROL
6.2.9 Ensure root is the only UID 0 account	CIS Red Hat EL8 Server L1 v3.0.0	Unix	ACCESS CONTROL
6.2.9 Ensure root is the only UID 0 account	CIS AlmaLinux OS 8 Server L1 v3.0.0	Unix	ACCESS CONTROL
10.3.10 Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts	CIS Microsoft Azure Foundations v4.0.0 L1	microsoft_azure	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC	Windows	ACCESS CONTROL
18.9.28.4 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	ACCESS CONTROL
18.10.81.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	ACCESS CONTROL
49.17 (L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL
49.20 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL
49.28 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators' is set to 'Prompt for consent on the secure desktop' or higher	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL
49.30 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL
Configure Windows Defender SmartScreen - EnableSmartScreen	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Configure Windows Defender SmartScreen - EnableSmartScreen	MSCT Windows Server 2025 DC v1.0.0	Windows	ACCESS CONTROL
Disallow WinRM from storing RunAs credentials	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Enumerate local users on domain-joined computers	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Join Microsoft MAPS	MSCT Windows Server 2025 DC v1.0.0	Windows	ACCESS CONTROL
Network access: Do not allow anonymous enumeration of SAM accounts and shares	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Network access: Do not allow anonymous enumeration of SAM accounts and shares - RestrictAnonymous	MSCT Windows Server 2025 DC v1.0.0	Windows	ACCESS CONTROL
Network access: Restrict anonymous access to Named Pipes and Shares	MSCT Windows 11 v22H2 v1.0.0	Windows	ACCESS CONTROL
Turn on convenience PIN sign-in	MSCT Windows 11 v22H2 v1.0.0	Windows	ACCESS CONTROL
Turn on convenience PIN sign-in	MSCT Windows 11 v23H2 v1.0.0	Windows	ACCESS CONTROL
Turn on PowerShell Script Block Logging - EnableScriptBlockLogging	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
Turn on PowerShell Script Block Logging - EnableScriptBlockLogging	MSCT Windows 11 v23H2 v1.0.0	Windows	ACCESS CONTROL
User Account Control: Admin Approval Mode for the Built-in Administrator account	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode	MSCT Windows 11 v24H2 v1.0.0	Windows	ACCESS CONTROL
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode - ConsentPromptBehaviorAdmin	MSCT Windows Server 2025 MS v1.0.0	Windows	ACCESS CONTROL
User Account Control: Detect application installations and prompt for elevation	MSCT Windows 11 v22H2 v1.0.0	Windows	ACCESS CONTROL

Detections

Analytics

Item Search