Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.2.28 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

2.2.28 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' - LOCAL SERVICE, NETWORK SERVICECIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

3.1.1 (L1) Ensure Microsoft 365 audit log search is EnabledCIS Microsoft 365 Foundations v4.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY

3.2.1 Ensure that a minimal audit policy is createdCIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

AUDIT AND ACCOUNTABILITY

4.1.1.4 Ensure audit_backlog_limit is sufficientCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure audit system is set to single when the disk is full.CIS Amazon Linux 2 STIG v2.0.0 STIGUnix

AUDIT AND ACCOUNTABILITY

4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS CentOS Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Fedora 28 Family Linux Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS CentOS Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS Fedora 28 Family Linux Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS CentOS Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event captureCIS Kubernetes v1.23 Benchmark v1.0.1 L2 WorkerUnix

AUDIT AND ACCOUNTABILITY

4.2.9 Ensure that the eventRecordQPS argument is set to a level which ensures appropriate event captureCIS Kubernetes v1.24 Benchmark v1.0.0 L2 WorkerUnix

AUDIT AND ACCOUNTABILITY

5.1.7 Ensure SSH MaxAuthTries is set to 4 or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS Oracle Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.1.3 Ensure audit_backlog_limit is sufficientCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.1.3 Ensure audit_backlog_limit is sufficientCIS Amazon Linux 2023 Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.1.3 Ensure audit_backlog_limit is sufficientCIS Red Hat EL8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recordedCIS Oracle Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recordedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Red Hat EL8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recordedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'CIS Microsoft 365 Foundations v4.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY

6.2.1.1.4 Ensure journald ForwardToSyslog is disabledCIS Debian Linux 11 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.1.1.4 Ensure journald ForwardToSyslog is disabledCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.1.3 Ensure auditing for processes that start prior to auditd is enabledCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS SUSE Linux Enterprise 15 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.2 Ensure journald ForwardToSyslog is disabledCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Debian Linux 12 v1.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collectedCIS Debian Linux 12 v1.1.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collectedCIS Debian Linux 12 v1.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collectedCIS Debian Linux 12 v1.1.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS AlmaLinux OS 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collectedCIS Oracle Linux 9 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

6.4.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recordedCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.4.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recordedCIS Debian Linux 11 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

7.1.1.10 Ensure that Intune logs are captured and sent to Log AnalyticsCIS Microsoft Azure Foundations v4.0.0 L2microsoft_azure

AUDIT AND ACCOUNTABILITY

8.13 (L1) VMware Tools must enable VMware Tools loggingCIS VMware ESXi 8.0 v1.1.0 L1VMware

AUDIT AND ACCOUNTABILITY

18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

AUDIT AND ACCOUNTABILITY

20.5 Ensure 'Active Directory Domain object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY