Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.5.2.1 Set 'Windows Firewall: Private: Firewall state' to 'On (recommended)'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.5.3.1 Set 'Windows Firewall: Public: Outbound connections' to 'Allow (default)'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.5.3.4 Set 'Windows Firewall: Public: Logging: Log dropped packets' to 'Yes'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.14 Ensure that the admission control plugin NodeRestriction is setCIS Kubernetes v1.11.1 L2 Master NodeUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Ensure IP forwarding is disabled - sysctlCIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled - 'net.ipv4.conf.default.send_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.all.send_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.default.send_redirects = 0 - sysctl'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route = 0 - sysctl'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.default.secure_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.all.rp_filter = 1 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.8 Ensure TCP SYN Cookies is enabled (sysctl.conf/sysctl.d)CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 sysctl'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /etc/sysctl.conf /etc/sysctl.d/*'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects' (sysctl.conf/sysctl.d)CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - 'sysctl net.ipv6.conf.default.accept_redirects = 0'CIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2 Ensure /etc/hosts.allow is configuredCIS Amazon Linux v2.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3 Ensure /etc/hosts.deny is configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure iptables package is installedCIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure iptables package is installedCIS SUSE Linux Enterprise 12 v3.2.1 L1 WorkstationUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.2 Ensure outbound and established connections are configuredCIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3 Ensure IPv6 firewall rules exist for all open portsCIS SUSE Linux Enterprise 12 v3.2.1 L1 WorkstationUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure Content trust for Docker is EnabledCIS Docker v1.7.0 L2 Docker - LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.2.3 Minimize the admission of containers wishing to share the host process ID namespaceCIS Kubernetes v1.11.1 L1 Master NodeUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure sensitive host system directories are not mounted on containersCIS Docker v1.7.0 L1 Docker - LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure the 'addressExcludeList' attribute is set to a whitelist of hostnamesCIS IBM WebSphere Liberty v1.0.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'CIS Windows 7 Workstation Level 1 v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Windows Server 2012 MS L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Inbound Connections - Domain ProfileMSCT Windows Server v1909 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Inbound Connections - Private ProfileMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Inbound Connections - Public ProfileMSCT Windows Server 1903 DC v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Inbound Connections - Public ProfileMSCT Windows Server v1909 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Outbound Connections - Domain ProfileMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Outbound Connections - Private ProfileMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Outbound Connections - Private ProfileMSCT Windows 10 v20H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Outbound Connections - Public ProfileMSCT Windows 10 v20H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Outbound Connections - Public ProfileMSCT Windows 10 v21H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn off downloading of print drivers over HTTPMSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn off downloading of print drivers over HTTPMSCT Windows 10 1909 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT Windows 10 1909 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connectionsMSCT Windows Server v2004 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Windows Defender Firewall: Protect all network connections - Domain ProfileMSCT Windows 10 1809 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION