Item Search

Name	Audit Name	Plugin	Category
2.3.5.3 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.2.8 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.4 (L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.4.7 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.4.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.3 (L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.4 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.53.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.6 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.65.3.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	ACCESS CONTROL
18.10.29.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.29.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.29.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker	Windows	CONFIGURATION MANAGEMENT
Out-of-Band Management port	ArubaOS Switch 16.x Hardening Guide v1.0.0	ArubaOS	SYSTEM AND COMMUNICATIONS PROTECTION
SQL4-00-036100 - SQL Server must generate Trace or Audit records when unsuccessful attempts to add privileges/permissions occur - DATABASE_OBJECT_OWNERSHIP_CH...	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036100 - SQL Server must generate Trace or Audit records when unsuccessful attempts to add privileges/permissions occur - DATABASE_PERMISSION_CHANGE_GROUP	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036100 - SQL Server must generate Trace or Audit records when unsuccessful attempts to add privileges/permissions occur - Event ID 109	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 43	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 82	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 83	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 85	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 86	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 87	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 89	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 90	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 91	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 102	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 111	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 162	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 172	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - SERVER_OBJECT_PERMISSION_CHANGE_GROUP	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - SERVER_PERMISSION_CHANGE_GROUP	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - SERVER_ROLE_MEMBER_CHANGE_GROUP	DISA STIG SQL Server 2014 Instance DB Audit v2r4	MS_SQLDB	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search