Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.18.7 (L1) Ensure 'extensions.blocklist.enabled' is set to 'Enabled'CIS Mozilla Firefox ESR GPO v1.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Verify Image Profile and VIB Acceptance LevelsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
1.8.3 Ensure last logged in user display is disabled - disable user listCIS CentOS 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.8.3 Ensure last logged in user display is disabled - disable user listCIS CentOS 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.8.3 Ensure last logged in user display is disabled - disable user listCIS Oracle Linux 6 Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.8.3 Ensure last logged in user display is disabled - disable user listCIS Oracle Linux 6 Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.8.8 Ensure GDM autorun-never is enabledCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

MEDIA PROTECTION

1.8.8 Ensure GDM autorun-never is enabledCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

MEDIA PROTECTION

1.9 Ensure GDM is removed or login is configured - disable-user-listCIS Debian Family Workstation L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.10 Ensure GDM is removed or login is configured - disable-user-listCIS Fedora 19 Family Linux Server L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.10 Ensure GDM is removed or login is configured - disable-user-listCIS Fedora 19 Family Linux Workstation L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.2 Set 'Only use the ActiveX Installer Service for installation of ActiveX Controls' to 'Enabled'CIS IE 9 v1.0.0Windows

CONFIGURATION MANAGEMENT

2.2.1.5 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled'MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L2MDM

CONFIGURATION MANAGEMENT

2.2.1.6 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled'MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2MDM

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.2.1.6 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled'MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 End User OwnedMDM

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.2.1.6 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled'AirWatch - CIS Apple iOS 18 v1.0.0 L2 End User OwnedMDM

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.2.1.6 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled'MobileIron - CIS Apple iOS 18 v1.0.0 L2 End User OwnedMDM

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.10.11 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configuredCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL

2.4.1.1 Ensure cron daemon is enabled and activeCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Debian Linux 11 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.5.10.8.4.1 (L1) Ensure 'Add e-mail recipients to users' Safe Senders Lists' is set to 'Disabled'CIS Microsoft Intune for Office v1.1.0 L1Windows

CONFIGURATION MANAGEMENT

4.2 Ensure 'Software Update' returns 'Your software is up to date.'AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure excessive administrative privileges are revokedCIS PostgreSQL 17 v1.0.0 L1 PostgreSQLPostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4.2 Block applications running on non-default portsCIS Fortigate 7.0.x v1.3.0 L2FortiGate

SYSTEM AND INFORMATION INTEGRITY

5.2 Set 'Check for server certificate revocation' to 'Enabled'CIS IE 11 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated BackupsCIS Google Cloud Platform v3.0.0 L1GCP

CONTINGENCY PLANNING

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

DB2X-00-004520 - When using command-line tools such as db2, users must use a Connect method that does not expose the password.DISA STIG IBM DB2 v10.5 LUW v2r1 DatabaseIBM_DB2DB

IDENTIFICATION AND AUTHENTICATION

DTOO223 - Trust EMail from senders in receivers contact list must be enforced.DISA STIG Microsoft Outlook 2013 v1r14Windows

CONFIGURATION MANAGEMENT

DTOO271 - Automatic download content for email in Safe Senders list must be disallowed.DISA STIG Microsoft Outlook 2016 v2r3Windows

CONFIGURATION MANAGEMENT

ESXI-65-000003 - The ESXi host must verify the exception users list for lockdown mode.DISA STIG VMware vSphere ESXi 6.5 v2r4VMware

CONFIGURATION MANAGEMENT

ESXI-67-000003 - The ESXi host must verify the exception users list for Lockdown Mode.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

FFOX-00-000006 - Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.DISA STIG Mozilla Firefox MacOS v6r6Unix

SYSTEM AND INFORMATION INTEGRITY

JUNI-ND-001430 - The Juniper router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.DISA STIG Juniper Router NDM v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Logs containing auditing information should be secured at the directory level.TNS IBM HTTP Server Best PracticeWindows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

RHEL-06-000001 - The system must use a separate file system for /tmp.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-07-020029 - The Red Hat Enterprise Linux operating system must use a file integrity tool to verify correct operation of all security functions.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

SYSTEM AND INFORMATION INTEGRITY

SLES-15-010419 - The SUSE operating system must use a file integrity tool to verify correct operation of all security functions.DISA SUSE Linux Enterprise Server 15 STIG v2r4Unix

SYSTEM AND INFORMATION INTEGRITY

SPLK-CL-000450 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions.DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST APISplunk

SYSTEM AND COMMUNICATIONS PROTECTION

VCUI-67-000020 - vSphere UI must set the welcome-file node to a default web page.DISA STIG VMware vSphere 6.7 UI Tomcat v1r3Unix

SYSTEM AND INFORMATION INTEGRITY

WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

IDENTIFICATION AND AUTHENTICATION

WG204 A22 - A web server must be segregated from other services.DISA STIG Apache Server 2.2 Unix v1r11Unix
WN12-CC-000020 - An Error Report must not be sent when a generic device driver is installed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT