Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Syslog logging should be configured - configurationCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

AUDIT AND ACCOUNTABILITY

1.1.1.2 SNMPv3 traps should be configured - hostCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

AUDIT AND ACCOUNTABILITY

1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1CIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

IDENTIFICATION AND AUTHENTICATION

1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configuredCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed AttemptsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.6.2 Ensure redundant NTP servers are configured appropriatelyCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

AUDIT AND ACCOUNTABILITY

1.6.3 Ensure that the Certificate Securing Remote Access VPNs is ValidCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

CONFIGURATION MANAGEMENT

2.1 Ensure that IP addresses are mapped to usernamesCIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2 Ensure that WMI probing is disabledCIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto

CONFIGURATION MANAGEMENT

2.6 Ensure that the User-ID service account does not have interactive logon rightsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

2.7 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule ChangesCIS Google Cloud Platform Foundation v4.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path MonitoringCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

CONFIGURATION MANAGEMENT

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path MonitoringCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring EnabledCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring EnabledCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure ConditionCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure ConditionCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriatelyCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriatelyCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election SetingsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

4.1.1 Ensure firewalld is installedCIS AlmaLinux OS 8 v4.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure firewalld is installedCIS AlmaLinux OS 8 v4.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure firewalld is installedCIS Oracle Linux 8 v4.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure firewalld is installedCIS Oracle Linux 8 v4.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure firewalld is installedCIS Red Hat Enterprise Linux 8 v4.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1 Ensure that WildFire file size upload limits are maximizedCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.3 Ensure forwarding of decrypted content to WildFire is enabledCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.7 Choosing Wildfire public cloud regionCIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto

CONFIGURATION MANAGEMENT

6.2 Ensure a secure antivirus profile is applied to all relevant security policiesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threatsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the InternetCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilitiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing trafficCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zonesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zonesCIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources ExistsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.4 Ensure that logging is enabled on built-in default security policiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid CategoriesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure that the Certificate used for Decryption is TrustedCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Ensure iptables is installed - dpkgTenable Cisco Firepower Management Center OS Best Practices AuditUnix

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure iptables is installed - zypperTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT