Item Search

Name	Audit Name	Plugin	Category
1.1.7 Ensure separate partition exists for /var/tmp	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.12 Ensure separate partition exists for /var/log/audit	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
1.1.13 Ensure separate partition exists for /home	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.2.29 (L2) Ensure 'Log on as a service' is configured	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
3.5.1 Ensure DCCP is disabled - modprobe	CIS Debian Family Workstation L2 v1.0.0	Unix	SYSTEM AND INFORMATION INTEGRITY
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl '/etc/issue'	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl '/etc/network'	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.5 Ensure events that modify the system's network environment are collected - auditctl 'issue.net'	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor	CIS Debian Family Workstation L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM x64	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.13 Ensure file deletion events by users are collected - auditctl delete	CIS Debian Family Workstation L2 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
4.1.14 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.15 Ensure system administrator command executions (sudo) are collected - b64 actions	CIS Debian Family Workstation L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.6 (L2) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
5.13 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
5.20 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
5.26 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG	Windows	CONFIGURATION MANAGEMENT
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.6.5.1 (L2) Ensure 'Enable Font Providers' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.6.5.1 (L2) Ensure 'Enable Font Providers' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker	Windows	CONFIGURATION MANAGEMENT
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.43.5.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.10.43.5.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.43.5.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL	Windows	SECURITY ASSESSMENT AND AUTHORIZATION
18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG	Windows	SECURITY ASSESSMENT AND AUTHORIZATION
18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v4.0.0 L2 MS	Windows	SECURITY ASSESSMENT AND AUTHORIZATION
18.10.59.4 (L2) Ensure 'Allow search highlights' is set to 'Disabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.59.4 (L2) Ensure 'Allow search highlights' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
19.7.46.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
61.1 (L2) Ensure 'Disallow Cloud Notification' is set to 'Allow'	CIS Microsoft Intune for Windows 11 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
81.6 (L2) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
81.6 (L2) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
81.14 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
81.21 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - dot1x system-auth-control	DISA STIG Arista MLS DCS-7000 Series L2S v1r3	Arista	IDENTIFICATION AND AUTHENTICATION
CIS Control 2 (2.1(a)) Maintain and Inventory of Authorized Software	CAS Implementation Group 1 Audit File	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search