Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

2.3 Ensure monitoring and alerting exist for password sign-ins of SSO usersCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.2 L1 Unix Audit v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.4 L1 Windows Audit v1.0.0Windows

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB L1 Windows Audit v1.0.0Windows

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.4 L1 Unix Audit v1.0.0Unix

CONFIGURATION MANAGEMENT

9.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On'CIS Microsoft Azure Foundations v4.0.0 L2microsoft_azure

RISK ASSESSMENT

9.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'CIS Microsoft Azure Foundations v4.0.0 L2microsoft_azure

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

12.50 Intrusion detection system on host - 'Utilize'CIS v1.1.0 Oracle 11g OS L2Unix
12.50 Intrusion detection system on host - 'Utilize'CIS v1.1.0 Oracle 11g OS Windows Level 2Windows
CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_L1_DC.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows
CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_L1_MS.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows
CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_NG_DC.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 NG DCWindows
CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_NG_MS.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 NG MSWindows
CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0CIS Fedora 19 Family Linux Server L2 v1.0.0Unix
CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0Palo_Alto
DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits.DISA McAfee VirusScan 8.8 Managed Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits.DISA McAfee VirusScan 8.8 Local Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

F5BI-AS-000119 - The BIG-IP ASM module must be configured to automatically update malicious code protection mechanisms when providing content filtering to virtual servers.DISA F5 BIG-IP Application Security Manager STIG v2r2F5

SYSTEM AND INFORMATION INTEGRITY

FireEye - AAA is enabledTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - AAA tries local authentication firstTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - Boot manager password is setTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - Custom SNORT rules are enabledTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - Email encryption certificates are verifiedTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - FENet security content updates are applied automaticallyTNS FireEyeFireEye
FireEye - Greylists are enabledTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Guest imagesTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - IPMI should be connected to a restricted management networkTNS FireEyeFireEye
FireEye - LDAP encryption certificates are verifiedTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - Remote syslog is enabledTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Remote syslog logging level includes all errors and warningsTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - SNMP trap hosts that use community override use a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SNMP uses a secure community stringTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - SSH connections must be SSHv2TNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - SSH users are logged out after 15 minutes of inactivity or lessTNS FireEyeFireEye

ACCESS CONTROL

FireEye - USB media is not auto-mountedTNS FireEyeFireEye

MEDIA PROTECTION

FireEye - User 'admin' SSH access is disabledTNS FireEyeFireEye

ACCESS CONTROL

FireEye - Web interface does not use the system self-signed certificateTNS FireEyeFireEye

IDENTIFICATION AND AUTHENTICATION

FireEye - YARA policy applies both customer and FireEye rulesTNS FireEyeFireEye

SECURITY ASSESSMENT AND AUTHORIZATION

GEN008380 - A root kit check tool must be run on the system at least weekly.DISA STIG AIX 5.3 v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000015 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against application objects, including, at a minimum, application URLs and application code.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

ACCESS CONTROL

JUSX-IP-000016 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

ACCESS CONTROL

JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000023 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND INFORMATION INTEGRITY

JUSX-IP-000024 - The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND INFORMATION INTEGRITY

MS.EXO.11.3v1 - The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

PANW-IP-000051 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected which indicate a compromise or potential for compromise.DISA STIG Palo Alto IDPS v3r1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

SonicWALL - SSL Control - Detect MD5 DigestTNS SonicWALL v5.9SonicWALL

SYSTEM AND INFORMATION INTEGRITY

SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limitsDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND INFORMATION INTEGRITY

SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - DoS incidents are detected. RulesDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND INFORMATION INTEGRITY