Item Search

Name	Audit Name	Plugin	Category
2.1.1.2 Ensure chrony is configured	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	IDENTIFICATION AND AUTHENTICATION
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL
3.2.1 Ensure source routed packets are not accepted	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.3.1.1 Ensure IPv6 default deny firewall policy	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	IDENTIFICATION AND AUTHENTICATION
4.1.2.2 Ensure journald is configured to write logfiles to persistent disk	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure permissions on all logfiles are configured	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" Packages	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" Packages	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" Packages	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
5.1.7 Ensure SSH MaxAuthTries is set to 4 or less	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
5.1.18 Ensure SSH warning banner is configured	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT
5.1.20 Ensure SSH AllowTcpForwarding is disabled	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.1.22 Ensure SSH MaxSessions is set to 4 or less	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT
5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL, MEDIA PROTECTION
5.3.1.2 Ensure minimum days between password changes is 7 or more	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	IDENTIFICATION AND AUTHENTICATION
5.3.1.3 Ensure password expiration warning days is 7 or more	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	IDENTIFICATION AND AUTHENTICATION
5.3.3 Ensure default group for the root account is GID 0	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
6.1.5 Ensure permissions on /etc/passwd- are configured	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
6.1.7 Ensure permissions on /etc/group- are configured	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
6.1.8 Ensure permissions on /etc/gshadow- are configured	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
6.1.14 Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is Enabled	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	AUDIT AND ACCOUNTABILITY
6.2.6 Ensure root PATH Integrity	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT
6.2.11 Ensure no users have .forward files	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
6.2.12 Ensure no users have .netrc files	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.2.13 Ensure users' .netrc Files are not group or world accessible	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	ACCESS CONTROL, MEDIA PROTECTION
18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	SYSTEM AND INFORMATION INTEGRITY
49.13 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.13 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Salesforce.com : AuthConfig - 'Auth Providers = Facebook is not configured'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	CONFIGURATION MANAGEMENT
Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Consumer Secret'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS is not configured'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	CONFIGURATION MANAGEMENT
Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Token Endpoint URL'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers in use'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Data Access Control - 'Enable CSRF protection on GET requests on non-setup pages = true'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	SYSTEM AND COMMUNICATIONS PROTECTION
Salesforce.com : Email Services - 'IsErrorRoutingEnabled = True'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	SYSTEM AND INFORMATION INTEGRITY
Salesforce.com : Object Permissions - 'DefaultLeadAccess should not be Public Read/Write or Public Read/Write/Transfer'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Object Permissions - 'DefaultOpportunityAccess should not be Public Read/Write or Public Read/Write/Transfer'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Setting Password Policies - 'lockout period >= 30 minutes'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Setting Session Security - 'Enable clickjack protection for non-setup customer Visualforce pages = true'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	SYSTEM AND COMMUNICATIONS PROTECTION
Salesforce.com : Setting Session Security - 'Lock session to IP = true'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Setting Session Security - 'Review Salesforce console User'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Setting Session Security - 'Review Salesforce CRM Content User'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Setting Session Security - 'Review user types'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Setting Session Security - 'Review Work.com User'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Setting Session Security - 'Use POST requests for cross-domain sessions = true'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search