Item Search

Name	Audit Name	Plugin	Category
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT
2.2.29 (L2) Configure 'Log on as a service'	CIS Microsoft Windows 8.1 v2.4.1 L2	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.4.3 Disable Screen Sharing	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.6.1 Enable FileVault - Encryption Type	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.6.2 Enable Gatekeeper	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.6.4 Enable Firewall Stealth Mode	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.7 Ensure remote access capabilities for the User-ID service account are forbidden.	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 0'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.1 Ensure a fully-synchronized High Availability peer is configured	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
3.1.1 Retain system.log for 90 or more days	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
3.1.2 Retain appfirewall.log for 90 or more days	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
4.4 Ensure http server is not running	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix
5.2.7 Password Age	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.5 Ensure alerts are enabled for malicious files detected by WildFire	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
5.8 Disable automatic login	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.11 Disable ability to login to another user's active and locked session	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.12 Create a custom message for the Login Screen	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
6.1.3 Disable guest account login	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
6.2 Ensure a secure antivirus profile is applied to all relevant security policies	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.3.6 Remove the pam_ccreds Package	CIS Red Hat Enterprise Linux 5 L2 v2.2.1	Unix	CONFIGURATION MANAGEMENT
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.13 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY
6.21 Ensure that 'Wildfire Inline ML' on antivirus profiles are set to enable for all file types	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL, MEDIA PROTECTION
10.4 Force SSL when accessing the manager application via HTTP	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
10.13 Do not run applications as privileged	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL
10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL
10.19 Ensure Manager Application Passwords are Encrypted	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Configure Microsoft Defender SmartScreen to block potentially unwanted apps	MSCT Microsoft Edge Version 80 v1.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search