Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

2.1.1 Ensure 'extproc' Is Not EnabledCIS Oracle Database 19c v2.0.0 L1 RDBMS On Host OS WindowsWindows

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Ensure 'extproc' Is Not EnabledCIS Oracle Database 19c v2.0.0 L1 RDBMS On Host OS UnixUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_Debian_Linux_13_v1.0.0_L1_Workstation.audit from CIS Debian Linux 13 v1.0.0CIS Debian Linux 13 v1.0.0 L1 WorkstationUnix
CIS_Kubernetes_v1.24_v1.0.0_Level_1_Master.audit from CIS Kubernetes v1.24 Benchmark v1.0.0CIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

CIS_MongoDB_Benchmark_Level_1_OS_Unix_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0CIS MongoDB L1 Unix Audit v1.0.0Unix
CIS_MongoDB_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0CIS MongoDB L1 Windows Audit v1.0.0Windows
CIS_MongoDB_Benchmark_Level_2_OS_Unix_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0CIS MongoDB L2 Unix Audit v1.0.0Unix
CIS_Oracle_Linux_8_STIG_v1.0.0_CAT_II.audit from CIS Oracle Linux 8 STIG v1.0.0CIS Oracle Linux 8 STIG v1.0.0 CAT IIUnix
FireEye - A scheduled system backup job is configuredTNS FireEyeFireEye

CONTINGENCY PLANNING

FireEye - AAA failed logins are trackedTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA is enabledTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - AAA lockout settings apply to the 'admin' userTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA lockouts are enabledTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA lockouts occur after at most 5 failuresTNS FireEyeFireEye
FireEye - AAA tries local authentication firstTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - Boot image must be signedTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - Boot manager password is setTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - CLI commands do not hide any settings from administratorsTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Custom SNORT rules are enabledTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - Email encryption certificates are verifiedTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - FENet security content updates are applied automaticallyTNS FireEyeFireEye
FireEye - IPMI should be connected to a restricted management networkTNS FireEyeFireEye
FireEye - LDAP encryption certificates are verifiedTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - Local logging level is not overridden except by defaultsTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Local logging retention configurationTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Management interface is only accessible from specific IP rangesTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - NTP client is synchronizedTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - NTP client uses a custom serverTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - NTP is enabledTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Remote syslog is enabledTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Remote syslog logging level includes all errors and warningsTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Reports are run on a scheduleTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - SNMP is enabledTNS FireEyeFireEye
FireEye - SNMP trap hosts that use community override use a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP traps use a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP uses a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP v3 users have passwordsTNS FireEyeFireEye

ACCESS CONTROL

FireEye - SNMP v3 uses AES instead of DESTNS FireEyeFireEye

ACCESS CONTROL

FireEye - SNMP v3 uses SHA instead of MD5TNS FireEyeFireEye

ACCESS CONTROL

FireEye - SSH connections must be SSHv2TNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - SSH users are logged out after 15 minutes of inactivity or lessTNS FireEyeFireEye

ACCESS CONTROL

FireEye - Time zone selectionTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - USB media is not auto-mountedTNS FireEyeFireEye

MEDIA PROTECTION

FireEye - User 'admin' SSH access is disabledTNS FireEyeFireEye

ACCESS CONTROL

FireEye - User connections are limited by subnet or VLANTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Web interface does not use the system self-signed certificateTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - YARA policy applies both customer and FireEye rulesTNS FireEyeFireEye

SECURITY ASSESSMENT AND AUTHORIZATION

FireEye - YARA rules are enabledTNS FireEyeFireEye

SECURITY ASSESSMENT AND AUTHORIZATION

NIST_macOS_Monterey_800-53r5_low_v1.0.0.audit from NIST macOS Monterey v1.0.0NIST macOS Monterey v1.0.0 - 800-53r5 LowUnix